VP, Sr. Principal IT Risk & Control Specialist (Singapore)

JOB DESCRIPTIONJob title: Sr. Principal IT Risk & Control Specialist    Corporate Title: VPDepartment: Group Technology Location: Singapore

Company overviewNomura is a global financial services group with an integrated network spanning over 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Wholesale (Global Markets and Investment Banking), and Investment Management. Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com.

Department Overview:Wholesale IT Risk and Control function (WS ITRC) manages technology risk across the Wholesale IT division globally by implementing a divisional risk framework and processes, aligned with GCIO and ORM standards, while ensuring rigorous oversight to maintain the division is within its risk appetite. We provide timely and comprehensive risk and control management reporting to support the integrity and resilience of Wholesale IT operations globally. The team always strives to increase risk awareness across the WS technology community and provide advisory service on Risk and Control matters. We are currently looking for risk management professionals with prior experience in the IT risk management space with particular focus on Wealth Management IT. 

Role Description Responsibilities:•    Provide Wholesale IT management with adequate risk and control reporting providing full picture of key risks and control metrics.•    Perform oversight and challenge of the relevant IT activities to ensure they conform to applicable IT policies and procedures and the overall Operational Risk Framework. •    Challenge technical teams’ controls and remediation actions to ensure they are effective and fit for purpose. Actions can be in response to Audit or regulatory findings, self-identified issues, event or ineffective control remediations.•    Support technology teams with Internal and External audit activities, including advisement on audit requests, review of audit findings and proposed remediation actions, as well as challenging completeness and sustainability of completed actions.•    Collaborate with regional Chief Control Office staff in assessing new regional regulations and its impact to Wholesale technology. Support regulatory inspections and inquiries. •    Oversee and support the Risk and control Self-assessment (RCSA) process for WS IT Business Units ensuring appropriate challenge being provided to preserve the purpose of the framework.•    Conduct deep dive analysis on key events and non-compliance areas •    Support, and advice, Wholesale IT management on Technology Risk and Control framework including global IT policies & standards mandates, key processes and exception management.•    Improve overall IT Risk & Control awareness across Wholesale IT •    Participate in regional and local Risk and Control forums and governance bodies

Skills, experience, qualifications and knowledge required:•    Bachelor degree in Information Technology or similar field•    Minimum 7 to 10 years of relevant IT Risk & Control experience within Investment Banking, Wealth Management or related environment.

•    Understanding of regulatory environment in APAC and experience supporting regulatory activities including inspections and ad-hoc inquiries. •    Understanding of Wealth Management technology solutions, processes and data.•    Experience in design and supporting IT Governance, IT General Control, IT Security, Audit or Technology compliance framework.•    Experience in external and Internal audit facilitation including evidence fulfilment, findings review and challenge and action adequacy. •    Experience in key technology processes including Incident Management Release and Change Management, SDLC, DevOps, Data Management, Asset Management and Cloud deployments.•    Experience of current technology risks and ability to leverage trends to identify problem areas. •    Exposure and engagement in risk reduction programs such as EoL remediation, Vulnerability Management, solution migration, DevOps transition (big plus)•    Experience in technology risk assessment and knowledge of third-party vendor assessment•    Strong understanding of Operational Risk Framework and its components including Policies, Controls, Risk Taxonomy, Operational Events, RCSA, Targeted Risk Assessment amongst others. •    Knowledge of the Three Lines of Defence model in financial industry.

Additional Skillsets•    Familiarity with Excel (Marco), Business Objects Reporting, Power Point, Power BI, GRC tools, ServiceNow, Confluence.•    Collaborator with strong communication skills and ability to present to senior audience in IT and business, with strong adaptability and attention to details.•    Able to think laterally and is comfortable with negotiating and securing buy in from key stakeholders.•    Possess Strong analytical skills and an ability to quickly learn new products and systems, need to be able to thrive in a constantly changing environment. •    One or more certification in CISA, CISM, CRISC, CISSP, or other IT governance, risk, or audit or security professional qualification.