Principal Information Security Specialist
Mumbai, IN
Nomura
Responsibilities:
· Lead operational execution of enterprise data protection tools including BigID, MIP, DLP, Thales, TruffleHog, etc.
· Manage end-to-end incident response workflows related to data leakage, sensitive data discovery, and misconfiguration.
· Ensure operational efficiency of data discovery, classification, and protection capabilities across endpoints, cloud, and on-prem environments.
· Collaborate with engineering, compliance, legal, and business teams to define and implement data protection policies.
· Oversee and optimize data classification strategies (manual, suggestive, and automated).
· Track and report key metrics including incident trends, false positives, and SLA adherence.
· Drive adoption and user training programs related to data classification and labeling.
· Participate in and lead audits, risk assessments, and regulatory readiness reviews.
· Own the tool lifecycle, from onboarding, configuration, and integration to tuning and decommissioning.
· Serve as escalation point for high-priority incidents, executive reporting, and stakeholder briefings.
Knowledge, Skill, Experience Required:
· 13–15+ years of overall experience in Information Security.
· 8+ years of direct experience in data protection, DLP, or data privacy.
· Proven experience managing enterprise-grade tools like BigID, MIP, Symantec/Forcepoint DLP, Thales CipherTrust, TruffleHog, and/or others.
· Strong understanding of data discovery, classification, encryption, rights management, and related regulatory standards (e.g., GDPR, HIPAA, DPDP, CCPA).
· Solid background in cloud security controls (M365, AWS, Azure, GCP) and hybrid deployments.
· Expertise in SIEM and SOAR integrations, incident response, and threat modeling.
· Experience with scripting or automation (e.g., Python, PowerShell) is a plus.
· Familiarity with compliance frameworks such as ISO 27001, NIST, RBI, etc.
Beneficial:
· Symantec and Forcepoint DLP Certification
· Microsoft Certified: Information Protection Administrator Associate (SC-400)
· Certifications such as CIPT, CIPP, CISSP, CISM, or equivalent preferred.
· Azure Security / Microsoft 365 Security certifications
Personal Characteristics:
· Strategic thinker with hands-on execution capability.
· Excellent communication and stakeholder management skills across technical and non-technical audiences.
· Strong problem-solving and analytical skills.
· High degree of professional integrity, ownership, and accountability.
· Proactive and collaborative team leader, able to operate in cross-functional and matrixed environments.
· Adept at working under pressure with strong prioritization and decision-making skills.
We are committed to providing equal opportunities throughout employment including in the recruitment, training and development of employees. We prohibit discrimination in the workplace whether on grounds of gender, marital or domestic partnership status, pregnancy, carer’s responsibilities, sexual orientation, gender identity, gender expression, race, color, national or ethnic origins, religious belief, disability or age.
*Applying for this role does not amount to a job offer or create an obligation on Nomura to provide a job offer. The expression "Nomura" refers to Nomura Services India Private Limited together with its affiliates.