Risk & Control Analyst

Mumbai, IN

Nomura


Department overview

The GCIO function oversees group-wide technology, operations, and our data office. Our purpose is to support Nomura’s business strategy and deliver consistent group-wide services based on common operating principles. We are aligned to our key businesses across the group and operate enterprise-wide functions for risk management, governance and controls, supply chain and infrastructure.

The Chief Controls Office (CCO) is a key function within GCIO and our purpose is aligned to the GCIO Strengthen & Protect strategic pillar. We are a global team focused on strengthening our non-financial risk management framework enabling the business to accelerate strategic delivery, whilst enhancing our ability to dynamically manage risks and evidence that we are operating in control.

The CCO function is on a multi-year global transformation journey, which starts with building the right foundations, especially the right skills and capabilities within our global team.

Role description

Nomura in Powai is looking for a Controls Assurance Analyst to join the Global Controls Assurance Centre of Excellence. The candidate will be responsible for design adequacy and operating effectiveness testing of controls relevant to GCIO risks – such as Information Technology (IT), Information Security (IS), Data Management etc.

This is an excellent opportunity for an experienced Controls Tester looking for a career development opportunity. They will play a pivotal role within GCIO – CCO in managing the Global GCIO controls assurance function.

The ideal candidate will have a strong background in controls testing within financial services and excellent analytical and problem-solving skills.

Key responsibilities:

  • Execute controls testing procedures in accordance with the established methodology and testing plans, ensuring the accuracy and completeness of testing activities.
  • Document testing workpapers clearly and concisely, providing sufficient evidence to support findings and conclusions, including recommendations for remediation and management action.
  • Identify and escalate potential control deficiencies and areas for improvement, providing supporting documentation and analysis.
  • Analyse testing results, identify trends and patterns that may indicate control weaknesses or areas of heightened risk.
  • Collaborate with various departments within GCIO for control walkthroughs, sampling, evidence collection etc.
  • Maintain up-to-date knowledge of industry standards and best practices related to controls testing.
  • Support the creation of GCIO Controls Assurance management information (MI).
  • Participate in audits and assessments, providing support and insights as needed.
  • Actively participate in team meetings and discussions, contributing ideas and insights to enhance the effectiveness and efficiency of controls assurance activities.
  • Support the Controls Assurance Lead to continuously identify and implement improvements within the assurance framework.

Skills & Experience Required

  • 5-8 years’ experience in Information Security controls testing.
  • Strong understanding of Information Security, for example, data protection, vulnerability assessment, penetration testing, security events and monitoring, data loss prevention, endpoint detection and response, network security, etc.
  • Knowledge of industry standards like NIST and ITIL.
  • Excellent analytical and problem-solving skills.
  • Knowledge of regulatory requirements and industry best practices related to controls assurance, relevant to GCIO risks – such as Information Technology (IT), Information Security (IS), and/or Data Management.
  • Exceptional communication skills, both verbal and written, with the ability to influence and engage stakeholders at all levels.
  • Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense.
  • Strong organization skills and attention to detail.
  • Familiarity with cyber security, resilience and related domains preferred.
  • Prior experience with ServiceNow Integrated Risk Management (SNOW - IRM) preferred.

Qualifications

  • Bachelor’s degree in Information Technology (IT), Computer Science, or a related field.
  • Relevant certification (e.g., CISA, CISSP), ISO 27001 Lead Auditor preferred.

Tags: Audits CISA CISSP Computer Science EDR Governance ISO 27001 ITIL Monitoring Network security NIST Pentesting Risk management RMF Strategy

Perks/benefits: Career development Team events

Region: Asia/Pacific
Country: India
