Associate, IT Security Vulnerability Management Coordinator
Singapore, SG, 117372
NomuraNomura Holdings website. Group companies, news releases, services, CSR, IR, careers information.
Nomura is a global financial services group with an integrated network spanning over 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Wholesale (Global Markets and Investment Banking), and Investment Management. Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com.
Aon’s Benefit Index®, Nomura’s benefits rank #1 amongst our competitors
Nomura employs a robust Vulnerability Management (VM) team, members of which are located in all of its major regions, namely EMEA, Americas, India, Singapore, and Japan. This team is separated into two distinct areas:
- Vulnerability Management - Operations
- Vulnerability Management – Coordinators
Operations is responsible for the day to day BAU requirements of VM operations along with vulnerability and policy based remediation, analysis, notification and tracking. Members are also responsible for designing, implementing and maintaining Nomura’s IT Security Policy and strategies Coordination is more focused on vulnerability analysis and remediation of the vulnerabilities. They will be using the regular scan results and work with the varying remediation teams to remediate the vulnerabilities within set Patch/Remediation Guidelines
The team’s focus is to serve as the single point of contact for all Vulnerability Management related queries, concerns and technologies. The team provides a high standard of user and business support in a responsive and timely manner across all businesses, takes responsibility and ownership for maintaining the global/regional VM strategy, and delivers the operational deployment of global/regional VM services in a manner consistent with the common VM goals and objectives. Working as part of a global team, troubleshoot and resolve VM related issues with the firm’s various cross-region infrastructure platforms and technologies. Collect diagnostic materials and other supporting evidence to identify the root cause of problems with our VM Tooling. Assist application support, development teams and Platform support teams in diagnosing Vulnerability and Policy based issues.
This position will coordinate information and actions across all Regional Teams (other regional VM leads and coordinators), meeting with them regularly through regional handovers. The position will also be responsible for regional regulatory, audit and KRI reporting ensuring regional VM scanning, remediation and policy scans ensuring SLAs and reporting KRIs. The focus of this resource will be primarily AEJ Region (but includes coverage across the global; handover of other regional Ops resources is critical)
The Singapore role will manage Day to day VM coordination in region, have administrative access in VM tool, coordinate remediation efforts, track trends and work on VM related projects, tooling and efficiency gains. The VM Coordination will also serve as an in-region Zero-Day/Celebrity Vulnerabilities or high risk Security Incident Manager, managing these issues as a follow-the-sun coordinator till the issue is mitigated and/or remediated. Position will be responsible with vulnerability escalation and tracking. The SG Coordinator role will manage wholesale vulnerability remediation efforts within SG region and globally. They will be required to work with application owners and support teams on all VM remediation efforts.
The position also will be required to know and work along with other teams in these varying areas:
- Threat Intelligence
- Security Operations Centre
- Security Surveillance
- Vender Risk Management
- Cyber Incident Response and Forensics
- Penetration Testing and Red Team Exercises
- Governance, Risk, and Compliance (GRC),
- Security Architecture
- IT Security Policy Setting
- Information Security Management and Training
All team members will need to perform project management activities (Change the Bank (CTB)), as well as operational activities and support (Run the Bank (RTB)).
- Minimum Degree in Information Technology or Computer Science from an accredited University
- Minimum of 10 years’ experience in IT Security focusing on Vulnerability Management and Vulnerability Management Coordination
- Experience with server administration (on Windows, UNIX, Database, Networks platforms)
- Experience in conveying complex information that is easily understandable to non-technical individuals and business clients while under strict deadlines.
- Must have solid critical thinking skills and be able to collect and analyze evidence from logs, monitoring and other diagnostics
- Possess security certifications such as: Nexpose NCA/NACA, AWSCS, PCCSE, CISSP, CISM, CISA, Security+, CEH, CCSK, or similar industry recognized certifications.
- Knowledge of controls frameworks such as NIST CSF, NIST SP 800-53, ISO 27001/2, CIS, and FISC.
- Must be able to consistently apply procedures.
- Must have prior experience in an IT operations/support role and IT Security
- Strong Operational Knowledge and conceptual understanding of other infrastructure and Security technologies as it pertains to servers, database, core services, and networks.
- Ability to prioritize and effectively triage issues.
- Ability to effectively balance time between day-to-day support work and project-related tasks.
- Ability to work in a team-oriented setting is a definite requirement with strong interpersonal skills.
- Ability to deal with changing priorities and work with global teams 4
- Vulnerability Management Tooling (Rapid7 or other VM Tooling background)
- Operational Support Experience within MS Active Directory or Exchange infrastructure
- Operational Support Experience within Red Hat Enterprise Linux, or Solaris based systems
- Operational Support Experience within Networking
- Other best-practice IT certifications such as ITIL or COBIT
- Working Knowledge with Service Now and/or CMDB concepts
Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.
DISCLAIMER: This Job Description is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job. The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time.
Nomura is an Equal Opportunity Employer
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory Banking CEH CISA CISM CISSP COBIT Compliance Computer Science Forensics Governance Incident response ISO 27001 ITIL Linux Monitoring NIST NIST 800-53 Pentesting Red Hat Red team Risk management SLAs Solaris Strategy Surveillance Threat intelligence UNIX Vulnerabilities Vulnerability management Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Staff Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Ingénieur DevSecops H/F jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Infosec Risk Manager jobs
- Open Agile-related jobs
- Open C-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs