Associate, Lead PMO (Singapore)
Singapore, SG, 018983
Nomura
Company overview
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com
Nomura employs a robust Vulnerability Management (VM) team, members of which are located in all of its major regions, namely EMEA, Americas, India, Singapore, and Japan. This team is separated into two distinct areas:
• Vulnerability Management – Operations
• Vulnerability Management – Coordinators
Operations is responsible for the day-to-day BAU requirements of VM operations along with vulnerability and policy-based remediation, analysis, notification and tracking. Members are also responsible for designing, implementing, and maintaining Nomura’s IT Security Policy and strategies.
Coordination is more focused on vulnerability analysis and remediation of the vulnerabilities. Coordinators will use the regular scan results and work with the various remediation teams to remediate the vulnerabilities within set Patch/Remediation Guidelines.
The team’s focus is to serve as the single point of contact for all Vulnerability Management related queries, concerns, and technologies. The team provides a high standard of user and business support in a responsive and timely manner across all businesses, takes responsibility and ownership for maintaining the global/regional VM strategy, and delivers the operational deployment of global/regional VM services in a manner consistent with the common VM goals and objectives. Working as part of a global team, troubleshoot and resolve VM related issues with the firm’s various cross-region infrastructure platforms and technologies. Collect diagnostic materials and other supporting evidence to identify the root cause of problems with our VM Tooling. Assist application support, development teams and Platform support teams in diagnosing Vulnerability and Policy based issues.
This position will coordinate information and actions across all Regional Teams (other regional VM leads and coordinators), meeting with them regularly through regional handovers. The position will also be responsible for regional regulatory, audit and KRI reporting, ensuring regional VM scanning, remediation and policy scans, ensuring SLAs and reporting KRIs. The focus of this resource will be primarily the AEJ Region (but includes coverage across the globe; handover of other regional Ops resources is critical).
The role also involves coordinating closely with application teams to address and remediate vulnerabilities identified through Static Application Security Testing (SAST), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST).
Responsibilities:
The role will manage day-to-day VM coordination in region, have administrative access in the VM tool, coordinate remediation efforts, track trends and work on VM related projects, tooling and efficiency gains. The VM Coordinator will also serve as an in-region Zero-Day/Celebrity Vulnerabilities or high-risk Security Incident Manager, managing these issues as a follow-the-sun coordinator until the issue is mitigated and/or remediated. The position will be responsible for vulnerability escalation and tracking. The coordinator role will manage vulnerability remediation efforts within the region and globally. The coordinator will be required to work with application owners and support teams on all VM remediation efforts, including vulnerabilities identified with VM, SAST, SCA and DAST scans.
The position also will be required to know and work along with other teams in these varying areas:
• Threat Intelligence
• Security Operations Centre
• Security Surveillance
• Vendor Risk Management
• Cyber Incident Response and Forensics
• Penetration Testing and Red Team Exercises
• Governance, Risk, and Compliance (GRC)
• Security Architecture
• Information Security Policy Setting
• Information Security Management and Training
All team members will need to perform project management activities (Change the Bank (CTB)), as well as operational activities and support (Run the Bank (RTB)).
Requirements:
Mandatory:
• Min 5 years of Information Security Experience and at least 2 years in Vulnerability Management, including VM Tooling (Rapid7) and Application Security Tooling (like SonarQube, Nexus IQ, Rapid7 appscan)
• Experience with Reporting Tools (PowerBI), creating automation scripts to analyze data and create targeted vulnerability remediation campaigns
• Experience with responding to MAS, RBI and SEBI audit controls related to vulnerability management and baseline requirements
• Must have strong global stakeholder management skills.
• Strong understanding of Secure by Design principles & methodologies
• Basic experience in Programming Languages (Python)
• Vulnerability Intelligence Research Experience (required to analyze zero days).
• Prior experience serving as a vulnerability management and application security advisor, fostering a culture of proactive vulnerability remediation among application development teams, is desired.
• Must have excellent reporting and presentation skills needed to present the regional vulnerability management posture in various forums.
• Prior experience with reviewing security baseline configurations (on Windows, UNIX, Database, Networks platforms).
• Strong project management and documentation skills desired to manage the role effectively. Ability to prioritize and effectively triage issues.
• Ability to effectively balance time between day-to-day support work and project-related tasks.
• Strong verbal and written communication skills. Ability to cope with business needs and to respond to and address production situations promptly.
• Ability to communicate and act professionally with IT staff and business clients while under strict deadlines.
• Ability to work in a team-oriented setting is a definite requirement with strong interpersonal skills.
• Ability to deal with changing priorities and work with global teams.
Other Experience:
Good organization, communication, and coordination skills are essential for this position. This job requires managing projects and delivering services so experience in either project management or ITIL service management is desired.
Preferred:
• Any security certifications, such as: CISM, CISA, CEH, CCSK or similar industry recognized certifications.
• Threat Intelligence Tooling (Recorded Future, WatchTowr etc) to support vulnerability intelligence.
• Working knowledge of ServiceNow and/or CMDB concepts
• Knowledge of controls frameworks such as NIST CSF, NIST SP 800-53, ISO 27001/2, CIS, and FISC.
Personal Characteristics:
• Strong communication skills, ability to work comfortably with different regions and technology teams.
• Good team player, ability to work on a local, regional, and global basis and as part of joint cross location teams and cross functional teams.
• Ability to be pro-active and self-manage tasks through to completion.
• Able to perform under pressure.
Diversity Statement
Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.
DISCLAIMER: This Job Description is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job. The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time.
Nomura is an Equal Opportunity Employer