🌎
This job posting isn't available in all website languages

For Nokia Internal Employee access Log in here

Join us at Nokia to connect the world

Search jobs

Security Process Lifecycle Expert

📁
Corporate Services
💼
CNS Cloud and Network Services
📅
210000023L Requisition #
Job Description
 
Subject Matter Expert in areas of Security Processes Governance, Risk & Compliance Management Services, responsible for development, implementation & delivery.Ensures Security process lifecycle, audit, compliance & risk management, resiliency management, third party security governance, data protection & privacy governance activities are effectively delivered and enhanced for future.
 
Job Responsibilities & Competencies

Main Responsibility Areas:

  • Security process lifecycle management
  • Governance, Compliance & Risk Management
  • Security in Business continuity & Resiliency Management
  • Data protection & Privacy

Key Tasks:

  • Create and review policy standards and strategies to ensure procedures and guidelines comply with cybersecurity frameworks, standards & industry benchmark.
  • Participate in security governance process to provide security risks, mitigations, and input on other technical risks.
  • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of risk areas.
  • Assessing security controls and its effectiveness based on cybersecurity principles and tenets. (e.g. NIST CSF, ISO27001, ITU-T x.805, NIST SP 800-53 etc.)
  • Perform risk analysis (e.g., threat, vulnerability, and the probability of occurrence) and apply risk management framework
  • Provide regular reporting of the security program to relevant stakeholders
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all Security Governance, Risk & Compliance Management Services.
  • Facilitate security risk, legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Perform review & analysis with stakeholders to help establish the lessons learnt, create & update new/existing processes & procedures to mature the Security Governance, Risk & Compliance Management Services.
  • Support in preparing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each application, system, and network.
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance for necessary audit & compliance activities
Qualifications

Key Competencies:

  • Skill to apply cybersecurity, data security and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Adept in performing risk analysis (e.g., threat, vulnerability, and the probability of occurrence)
  • Knowledge of business management and security risk management and cybersecurity technologies
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Promote awareness of security issues among management
  • Knowledge and understanding of relevant legal and regulatory requirements e.g. Country specific telecom security conditions, CII (Critical Information Infrastructure) regulations etc.
  • Skill in assessing security controls and its effectiveness based on cybersecurity principles and tenets. (e.g. NIST CSF, ISO27001, ITU-T x.805, NIST SP 800-53 etc.)
  • Knowledge of Vulnerability Management, Penetration Testing principles, Secure configuration and Application Security tools, and techniques.
  • Knowledge of network security architecture concepts and principles (e.g., application of defense-in-depth).
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker, with strong problem-solving skills
  • Excellent stakeholder management skills
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Ability to lead and motivate the security specialists and security analysts to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
  • An Expert of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
  • Security Products and Technology Knowledge

Experience & Certification:

  • Minimum 8 years of relevant experience in a combination of Security Governance, Risk & Compliance Management services and operations technology jobs.
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM).
Working with us, you will have a positive impact on people’s lives and help to overcome some of the world’s most pressing challenges. We act inclusively and respect the uniqueness of people. At Nokia, employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. Nokia culture welcomes people as their true selves.
 
 

Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions
Life at Nokia
Explore Employee Blogs
We create the technology to connect the world

Stay in touch with us through our social media channels:

Follow us on Facebook
Follow us on LinkedIn
See us on Glassdoor
Follow us on Twitter

Similar Listings

CNS Cloud and Network Services

Lannion, France, France

📁 Corporate Services

Requisition #: 210000026W

CNS Cloud and Network Services

Lannion, France, France

📁 Corporate Services

Requisition #: 210000023I

CNS Cloud and Network Services

Lannion, France, France

📁 Corporate Services

Requisition #: 2100000CGD

Teams at Nokia

See all jobs

Research & Development

See new jobs

Market & Sales development

See new jobs

Corporate services

See new jobs
Nokia is an equal opportunity employer that is committed to diversity and inclusion. At Nokia, employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.