Role Title: Deputy ICT Risk & Information Security Officer
Location: Frankfurt am Main, Germany
Employment Type: Full-time (Hybrid Working Model)
Company overview
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com
Department Overview
The ICT Risk & Information Security Officer (ISO) role is established as a dedicated control function by the NFPE Management Board to manage and oversee Information Security (IS) and ICT risks as they relate to NFPE.
The NFPE Deputy ICT Risk & Information Security Officer is part of the ICT Governance function and requires a broad understanding of Information Security, IT Risk Management, IT Services and the controls that are relevant to proper oversight within the institution and with regard to third parties.
Together with the NFPE’s ICT Risk & Security Officer, the Deputy role is responsible in particular of the development, monitoring and analysis of Information Security risks and controls with respect to regulatory requirements, industry standards and Nomura policies.
The position requires demonstrated expertise in Information Security and regulatory compliance, with professional qualifications and experience commensurate with the role's responsibilities.
Key objectives critical to success:
Strategic Leadership and Information Security Governance
* Lead and support the entity implementation and oversight of the global Information Security framework, including strategies, policies, standards and guidelines, ensuring alignment with business objectives and regulatory requirements
* Support and oversee the implementation of the institution's IT Strategy and support the execution of the global Information Security Strategy within NFPE, ensuring alignment with both group-wide objectives and entity business strategy and operational resilience
* Support monitor and report on security metrics, key risk indicators, and overall information security status to the management board through regular updates and ad hoc reports as needed
* Serve as the primary point of contact for Information Security matters with internal and external stakeholders, coordinating with the global CISO organization on cross-border and group-wide security initiatives
IS Risk Management and Regulatory Compliance
* Ensure alignment and compliance of Information Security controls with applicable regulatory frameworks, including but not limited to EU DORA and BaFin's MaRisk
* Support liaison with regulatory authorities for Information Security risk matters
* Coordinate with Compliance & Legal to identify and address Information Security related regulations
* Support internal and external Information Security related audits and regulatory requests
* Support annual review of the ICT risk management framework
* Support reporting to and advisory to the management board on Information Security risk assessments, vulnerabilities, threats, their potential business impact, and mitigation strategies
Governance and Stakeholder Management
* Represent NFPE (IT) in various Nomura Group Committees, Forums and industry Working Groups to ensure integration with effective risk management
* Engage with third-party service providers and internal projects on security requirements and controls
IS Incident Management
* Establish and maintain an IS incident management framework
* Coordinate and oversee security incident response, ensuring timely detection, reporting, and resolution of incidents
* Submit DORA Major ICT Incident and Significant Cyber Threat notifications to competent authorities
* Ensure post-incident analysis and implementation of lessons learned
* Establish clear channels and guidelines for employees to confidentially and promptly report incidents
Training and Awareness
* Initiate and coordinate measures to develop and deliver organisation-wide training programs on Information Security, ICT risk management, and regulatory compliance
* Foster a culture of digital operational resilience by promoting awareness of Information Security, ICT risks and regulatory obligations
Required Qualifications
* Experience in Information Security, preferably in financial services
* Proven expertise in IT governance or Security frameworks (e.g., ISO2700x, COBIT, CRI)
* Demonstrated experience in first or second line of defence roles within financial institutions
* Strong background in ICT risk management frameworks and methodologies
* Deep knowledge of EU and German regulatory frameworks, particularly:
o DORA (Digital Operational Resilience Act)
o MaRisk / BAIT (Bankaufsichtliche Anforderungen an die IT)
o NIS2 (Network and Information Security Directive 2)
o CRA (EU Cyber Resilience Act)
* Experience in dealing with EU regulatory authorities
* Professional Information Security certifications (e.g., CISSP, CISM, CISA)
* Fluent in German and English (written and spoken)
* Strong stakeholder management skills
Preferred Qualifications
* Experience in global financial institutions
* Knowledge of international financial regulations
* Advanced degree in Information Security, Computer Science, or related field
* Experience with third-party risk management
* Additional related certifications (e.g., CRISC, CGEIT)
What We Offer
* Opportunity to shape and influence the CISO framework of a global financial institution
* Work within a sophisticated three lines of defence model
* Competitive compensation package
* Dynamic, international work environment
* Professional development opportunities
Nomura competencies
Explore Insights & Vision
* Identify the underlying causes of problems faced by you or your team and define a clear vision and direction for the future.
Making Strategic Decisions
* Evaluate all the options for resolving the problems and effectively prioritize actions or recommendations.
Inspire Entrepreneurship in People
* Inspire team members through effective communication of ideas and motivate them to actively enhance productivity.
Elevate Organizational Capability
* Engage proactively in professional development and enhance team productivity through the promotion of knowledge sharing.
Inclusion
* Respect DEI, foster a culture of psychological safety in the workplace and cultivate a "Risk Culture" (Challenge, Escalate and Respect).
Diversity Statement
Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.
DISCLAIMER: This Job Description is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job. The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time.
Nomura is an Equal Opportunity Employer