Associate, Lead PMO (Singapore)

Company overview

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com

Nomura employs a robust Vulnerability Management (VM) team, members of which are located in all of its major regions, namely EMEA, Americas, India, Singapore, and Japan. This team is separated into two distinct areas: 
•    Vulnerability Management - Operations
•    Vulnerability Management – Coordinators

Operations is responsible for the day-to-day BAU requirements of VM operations along with vulnerability and policy-based remediation, analysis, notification and tracking. Members are also responsible for designing, implementing, and maintaining Nomura’s IT Security Policy and strategies.

Coordination is more focused on vulnerability analysis and remediation of the vulnerabilities. They will be using the regular scan results and work with the varying remediation teams to remediate the vulnerabilities within set Patch/Remediation Guidelines.

The team’s focus is to serve as the single point of contact for all Vulnerability Management related queries, concerns, and technologies.   The team provides a high standard of user and business support in a responsive and timely manner across all businesses, takes responsibility and ownership for maintaining the global/regional VM strategy, and delivers the operational deployment of global/regional VM services in a manner consistent with the common VM goals and objectives. Working as part of a global team, troubleshoot and resolve VM related issues with the firm’s various cross-region infrastructure platforms and technologies. Collect diagnostic materials and other supporting evidence to identify the root cause of problems with our VM Tooling. Assist application support, development teams and Platform support teams in diagnosing Vulnerability and Policy based issues. 

This position will coordinate information and actions across all Regional Teams (other regional VM leads and coordinators), meeting with them regularly through regional handovers. The position will also be responsible for regional regulatory, audit and KRI reporting ensuring regional VM scanning, remediation and policy scans ensuring SLAs and reporting KRIs. The focus of this resource will be primarily AEJ Region (but includes coverage across the global; handover of other regional Ops resources is critical).

The role also involves coordinating closely with application teams to address and remediate vulnerability identified through Static application security testing (SAST), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST).

 
Responsibilities:

The role will manage day to day VM coordination in region, have administrative access in VM tool, coordinate remediation efforts, track trends and work on VM related projects, tooling and efficiency gains. The VM Coordination will also serve as an in-region Zero-Day/Celebrity Vulnerabilities or high-risk Security Incident Manager, managing these issues as a follow-the-sun coordinator till the issue is mitigated and/or remediated. Position will be responsible for vulnerability escalation and tracking. The coordinator role will manage vulnerability remediation efforts within the region and globally. They will be required to work with application owners and support teams on all VM remediation efforts including vulnerabilities identified with VM, SAST, SCA and DAST scans.

The position also will be required to know and work along with other teams in these varying areas:
•    Threat Intelligence
•    Security Operations Centre •    Security Surveillance
•    Vendor Risk Management
•    Cyber Incident Response and Forensics 
•    Penetration Testing and Red Team Exercises 
•    Governance, Risk, and Compliance (GRC), 
•    Security Architecture
•    Information Security Policy Setting
•    Information Security Management and Training

All team members will need to perform project management activities (Change the Bank (CTB)), as well as operational activities and support (Run the Bank (RTB)). 

Requirements:

Mandatory:
•    Min 5 years of Information Security Experience and at-least 2 years in Vulnerability Management, including VM Tooling (Rapid7) and Application Security Tooling (like Sonarqube, Nexus IQ, Rapid7 appscan)

•    Experience with Reporting Tools (PowerBI), creating automation scripts to analyze data and create targeted vulnerability remediation campaigns
•    Experience with responding to MAS, RBI and SEBI audit controls related to vulnerability management and baseline requirements
•    Must have strong global stakeholder management skills.
•    Strong understanding of Secure by Design principles & methodologies
•    Basic experience in Programming Languages (Python)
•    Vulnerability Intelligence Research Experience (required to analyze zero days).
•    Prior experience serving as a vulnerability management and application security advisor, fostering culture of proactive vulnerability remediation among application development teams is desired.
•    Must have excellent reporting and presentation skills needed to present the regional vulnerability management posture in various forums.
•    Prior experience with reviewing security baseline configurations (on Windows, UNIX, Database, Networks platforms).
•    Strong project management and documentation skills desired to manage the role effectively. Ability to prioritize and effectively triage issues. 
•    Ability to effectively balance time between day-to-day support work and project-related tasks. 
•    Strong verbal and written communication skills. Ability to cope with business needs and to respond to and address production situations promptly. 
•    Ability to communicate and act professionally with IT staff and business clients while under strict deadlines. 
•    Ability to work in a team-oriented setting is a definite requirement with strong interpersonal skills. 
•    Ability to deal with changing priorities and work with global teams. 

Other Experience: 
Good organization, communication, and coordination skills are essential for this position.  This job requires managing projects and delivering services so experience in either project management or ITIL service management is desired.  

Preferred:

•    Any security certifications, such as:  CISM, CISA, CEH, CCSK or similar industry recognized certifications. 
•    Threat Intelligence Tooling (Recorded Future, WatchTowr etc) to support vulnerability intelligence. 
•    Working Knowledge with Service Now and/or CMDB concepts
•    Knowledge of controls frameworks such as NIST CSF, NIST SP 800-53, ISO 27001/2, CIS, and FISC. 
    
Personal Characteristics:
•    Strong communication skills, ability to work comfortably with different regions and technology teams.
•    Good team player, ability to work on a local, regional, and global basis and as part of joint cross location teams and cross functional teams. 
•    Ability to be pro-active and self-manage tasks through to completion. 
•    Able to perform under pressure. 

Diversity Statement

Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.

DISCLAIMER:  This Job Description is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job.  The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time. 

Nomura is an Equal Opportunity Employer