Information Security Associate - Security Risk & Control Lead
Listed on 2026-02-14
IT/Tech
Cybersecurity, Information Security
Job Title: Information Security Associate - Security Risk & Control Lead
Job Code: 12502
Country: US
Skill Category: IT Technology
Description:
Job title: Information Security Associate - Security Risk & Control Lead
Corporate Title: Associate
Department: Technology
Location: Jacksonville
The pay range for this position at commencement of employment is expected to be between $95,000 and $110,000 annually.
Company overview
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit
Aon’s Benefit Index®, Nomura’s benefits rank #1 amongst our competitors.
Department overview
The Information Technology department at Nomura is at the forefront of innovation, driving technology solutions that empower our business and enhance client experiences. We leverage cutting‑edge technologies to develop and maintain robust systems and infrastructure, ensuring the security, reliability, and efficiency of our operations. Join our team and be part of a dynamic and collaborative environment that embraces technological advancements to deliver value and drive our digital transformation journey.
Role description
We are seeking an experienced Information Security Associate to join our Cyber Risk Governance team lead in the Jacksonville, Florida office. This strategic role combines regulatory compliance expertise with vendor risk management leadership, serving as a critical bridge between technical security requirements and business operations.
Primary Responsibilities
US Cyber Regulations Expertise
- Maintain comprehensive knowledge of existing and emerging US cyber regulations
- Conduct thorough risk assessments on current and proposed cyber regulatory requirements
- Demonstrate proficiency with established cybersecurity frameworks (NIST, ISO 27001, SOC 2, etc.)
- Stay current with evolving regulatory landscape and assess impact on organizational compliance
- Lead and support regulatory compliance initiatives including SEC cybersecurity regulations, NYDFS Cybersecurity Regulation (23 NYCRR 500), and other applicable regulatory requirements
- Develop, implement, and maintain cybersecurity frameworks and map them to internal control structures
- Respond to Due Diligence Questionnaires (DDQs) from clients, vendors, and business partners
- Manage responses to regulatory inquiries and examinations from various oversight bodies
- Conduct risk assessments and gap analyses to ensure ongoing compliance
- Collaborate with cross-functional teams to implement control enhancements and remediation activities
- Monitor regulatory developments and assess impact on organizational compliance posture
- Prepare compliance reports and presentations for senior management and board committees
- Support audit activities and coordinate with internal and external auditors
- Serve as primary point of contact for vendor risk assessment activities across the US region
- Apply expertise in various vendor risk assessment frameworks and methodologies
- Collaborate effectively with regional and global business stakeholders to facilitate vendor onboarding processes
- Identify, analyze, and communicate risks associated with third‑party vendor relationships
- Ensure vendor compliance with firm's security standards and regulatory
- Deep understanding of cybersecurity frameworks and best practices
- Proven experience with vendor risk assessment methodologies
- Strong knowledge of US cyber regulatory environment
- Comprehensive understanding of risk management principles and practices
- Previous experience with any GRC platforms, such as Reg Room or Cube, is a plus
- Minimum 4+ years of relevant information security…