Lead Information Security Analyst

Job Description

Job Title: Lead Information Security Analyst Job Code: 10047 Country: IN City: Mumbai Skill Category: IT\Technology Description: Background Information: Information Security Third Party Cyber Risk Management team conducts security assessment on vendor/third party supporting Nomura business teams for all of Nomura globally. There are various trigger points which ensure Information Security team is involved in the end to end lifecycle of Third Party engagement process and can perform necessary due diligence on the Third Party from Cyber Security perspective on information access and handling in line with Nomura policies and standard requirements. Position Specifications: Corporate Title Associate Functional Title Lead Support Analyst Experience 7 9 Years Qualification Bachelor s Degree in Engineering (Computer / Telecommunication), Computer Science / Information Technology or equivalent Duties & Responsibilities: Job Overview: Responsibilities: Maintain strong governance on the thirdparty cyber risk assessment (TPCRM) process in terms of complying with regional and global requirements. Work in a strategic and operational capacity to enhance the Third Party Cyber Security Risk Management process in align with CISO goals. Identify noncompliances in Third Party Cyber Security control landscape and create and discuss the assessment reports with stakeholders. Perform Third Party Cyber Security assessments by coordinating with various business departments and Third Parties. Provide recommendations to the Third Party to remediate identified noncompliances and document remediation plans. Periodically track noncompliances reported to the Third Parties for closure and validate the evidences shared by Third Parties. Ensure periodic reporting on all the open items and completed assessments. Liaise with stakeholders such as business owner, technology owner, legal team etc. to include the Information Security requirements in the contracts with third party vendor Maintain and update inventory of assessments and define reassessment calendars. Carry out reassessments based on defined reassessment calendars. Generate daily/weekly/monthly KRI & KPI reports for internal and senior management consumption. Work in a strategic and operational capacity to enhance the Third Party Cyber Security Risk Management process based on various international regulatory requirements and industry best practices. Work with various stakeholders to automate the assessment and risk management process. Work in a strategic and operational capacity to identify the overall Supplier Threat and Risk posture for the firm. Foster a close partnership with our Firm wide Cybersecurity Threat Intelligence team (to interpret and manage risk as well as evolve processes and function). Knowledge, Skill, Experience Required: Essential: Knowledge of regulatory frameworks and experience with regulatory compliance Familiarity with security standards (e.g., CRI, ISO 27001, NIST) Indepth understanding of information security principles and practices Knowledge of current cyber threats and mitigation strategies Strong collaboration skills along with the ability to effectively communicate complex securityrelated information to a business audience, including risk identification, assessment, and remediation activity. Excellent communication skills with the ability to articulate complex cyber threat information to technical and nontechnical audiences. Demonstrable ability to create and maintain collaborative relationships in a large, multinational organization. Strong understanding of cyber security principles and technologies. Beneficial: Specialist training or skills in one or more of the following: Security certification (CISA/CISM/CISSP/CRISC/ISO27001 etc.). Cloud Security Certifications. Personal Characteristics: Strong communication skills, ability to work comfortably with different regions Good team player, ability to work on a local, regional and global basis and as part of joint cross location initiative. Strong analytical and problemsolving abilities Ability to work independently and as strong team player in global team Ability to run with multiple tasks concurrently and manage expectations appropriately .