Compliance jobs in Germany

Location: Frankfurt am Main, Germany

Employment Type: Full-time (Hybrid Working Model)

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com

The ICT Risk & Information Security Officer (ISO) role is established as a dedicated control function by the NFPE Management Board to manage and oversee Information Security (IS) and ICT risks as they relate to NFPE.

The NFPE Deputy ICT Risk & Information Security Officer is part of the ICT Governance function and requires a broad understanding of Information Security, IT Risk Management, IT Services and the controls that are relevant to proper oversight within the institution and with regard to third parties.

Together with the NFPE's ICT Risk & Security Officer, the Deputy role is responsible in particular of the development, monitoring and analysis of Information Security risks and controls with respect to regulatory requirements, industry standards and Nomura policies.

The position requires demonstrated expertise in Information Security and regulatory compliance, with professional qualifications and experience commensurate with the role's responsibilities.

• Lead and support the entity implementation and oversight of the global Information Security framework, including strategies, policies, standards and guidelines, ensuring alignment with business objectives and regulatory requirements
• Support and oversee the implementation of the institution's IT Strategy and support the execution of the global Information Security Strategy within NFPE, ensuring alignment with both group-wide objectives and entity business strategy and operational resilience
• Support monitor and report on security metrics, key risk indicators, and overall information security status to the management board through regular updates and ad hoc reports as needed
• Serve as the primary point of contact for Information Security matters with internal and external stakeholders, coordinating with the global CISO organization on cross-border and group-wide security initiatives

• Ensure alignment and compliance of Information Security controls with applicable regulatory frameworks, including but not limited to EU DORA and BaFin's MaRisk
• Support liaison with regulatory authorities for Information Security risk matters
• Coordinate with Compliance & Legal to identify and address Information Security related regulations
• Support internal and external Information Security related audits and regulatory requests
• Support annual review of the ICT risk management framework
• Support reporting to and advisory to the management board on Information Security risk assessments, vulnerabilities, threats, their potential business impact, and mitigation strategies

• Represent NFPE (IT) in various Nomura Group Committees, Forums and industry Working Groups to ensure integration with effective risk management
• Engage with third-party service providers and internal projects on security requirements and controls

• Establish and maintain an IS incident management framework
• Coordinate and oversee security incident response, ensuring timely detection, reporting, and resolution of incidents
• Submit DORA Major ICT Incident and Significant Cyber Threat notifications to competent authorities

• Ensure post-incident analysis and implementation of lessons learned
• Establish clear channels and guidelines for employees to confidentially and promptly report incidents

• Initiate and coordinate measures to develop and deliver organisation-wide training programs on Information Security, ICT risk management, and regulatory compliance
• Foster a culture of digital operational resilience by promoting awareness of Information Security, ICT risks and regulatory obligations

• Experience in Information Security, preferably in financial services
• Proven expertise in IT governance or Security frameworks (e.g., ISO2700x, COBIT, CRI)
• Demonstrated experience in first or second line of defence roles within financial institutions
• Strong background in ICT risk management frameworks and methodologies
• Deep knowledge of EU and German regulatory frameworks, particularly:
• DORA (Digital Operational Resilience Act)
• MaRisk / BAIT (Bankaufsichtliche Anforderungen an die IT)
• NIS2 (Network and Information Security Directive 2)
• CRA (EU Cyber Resilience Act)
• Experience in dealing with EU regulatory authorities
• Professional Information Security certifications (e.g., CISSP, CISM, CISA)
• Fluent in German and English (written and spoken)
• Strong stakeholder management skills

• Experience in global financial institutions
• Knowledge of international financial regulations
• Advanced degree in Information Security, Computer Science, or related field
• Experience with third-party risk management
• Additional related certifications (e.g., CRISC, CGEIT)

• Opportunity to shape and influence the CISO framework of a global financial institution
• Work within a sophisticated three lines of defence model
• Competitive compensation package
• Dynamic, international work environment
• Professional development opportunities

Diversity Statement

Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.

Nomura is an Equal Opportunity Employer

DISCLAIMER: This Job Description is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job. The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time.