Cyber Security Operations Compliance Professional
Nokia Bell Labs
Amadora, Portugal, Portugal
há 6 dias

Nokia

Nokia is a global leader in the technologies that connect people andthings. With state-of-the-art software, hardware and services for any type ofnetwork, Nokia is uniquely positioned to help communication service providers,governments, and large enterprises deliver on the promise of 5G, the Cloud andthe Internet of Things.

Serving customers in over 100 countries, our researchscientists and engineers continue to invent and accelerate new technologiesthat will increasingly transform the way people and things communicate andconnect.

Nokia is an equal opportunity employer that is committed to diversityand inclusion. At Nokia, employment decisions are made regardless of race,color, national or ethnic origin, religion, gender, sexual orientation, genderidentity or expression, age, marital status, disability, protected veteranstatus or other characteristics protected by law.

Cyber Security

The Cyber Security team is responsible to protect Nokia critical data.We define the security operating procedures and the security baselines.

We alsodefine the security architecture in close cooperation with the EnterpriseArchitecture team.

The final accountability to protect data assets and accept securityrisks is with the data owner in the Business Groups / Central Functions and ITteams.

The Cyber Security team provides support to them to achieve complianceand select suppliers, and architectures that are secure by design.

We assess proposed IT solutions, detect security gaps and issues,evaluate the risks for the company and propose solutions to mitigate orremediate those risks.

The Cyber Security team works together closely with the IT teams andparticipates in the governance of the IT suppliers. This to guarantee thequality of the security services that are delivered to Nokia.

Finally, as no environment is fully secure, the team also builds theproper security incident capabilities, based on big data analytics to collectand process security information from the entire Nokia environment.

The team isalso responsible for the resolution of these incidents and drives thesubsequent remediation.

This role will act in an environment which is rapidly evolving fromtraditional IT to digital cloud-based. Developments are agile, in a variety ofDevOps structures.

So, an in depth understanding of these technologies anddevelopment methodologies is essential.

Cyber Security Operations Compliance Professional

The Nokia Security Operations Compliance Professional works with externalSecurity Suppliers and various technology vendors, and with the Nokia IT teamsto effectively manage security services, including risk management.

Key Responsibilities

The Cyber Security Professional is accountable for assessing thecompliance to the Nokia Information Security Policies regarding the operationsof the security services by either our IT suppliers or internal IT teams.

Secondlythe Cyber Security Professional is accountable to assess the maturity of thesame security services as provided by the different delivery teams within theIT suppliers and internal IT teams.

The Cyber Security Professional will setup a strong governance for eachof the security services in his portfolio and by using the compliance, maturityassessment and other tools, identify deficiencies, determine risk level,recommend solutions and give guidance & support where it comes to executionof these security services.

Above activities should be done in a cost effective and innovative waybringing value to the Business Groups / Central Functions & IT teamsthrough simplification, standardization and homogenization.

Key accountabilities include :

  • Flawless execution of the security services provided by the delivery teams.
  • Services definition and compliance tools.
  • Defining relevant services status reports, including metrics and KPI and get them implemented.
  • Delivery of compliance reports, maturity assessments. Gap analysis and drive delivery and implementation of improvement plans
  • Governance and reporting.
  • Vendor technical management.
  • Interface to Nokia Business Units, Nokia IT Tower leads (Connectivity, Enterprise Computing, Applications, End User Computing), Security Suppliers, and other third parties
  • Skill Requirements

  • Five years plus years relevant work experience in IT environment, knowledge on telecommunications service provider industry and telecommunications manufacturing industry is a plus.
  • Experience in the following network and security technologies, including operational & compliance aspects
  • Software Whitelisting Operations
  • Vulnerability Scanning and Assessments
  • Log Management
  • Anti-malware and anti-spam (high touch point to executives and common attack vectors).
  • Network Firewall and VPN
  • Proxy Management
  • HIPS
  • Routing and LAN switching
  • Server management (Wintel and UX)
  • Monitoring, logging & security event correlation techniques
  • Data analytics technologies & methodologies.
  • Advanced reporting techniques (e.g. PowerBI)
  • Knowledge on Cloud security technologies Azure, Amazon is considered as very important plus.
  • Experience in vendor technical management
  • Knowledge of information security regulations : PCI, GLBA, and Safe Harbor
  • Knowledge of various industry and government strategies and standards in privacy and security including ITIL, COBIT, ISO 27001, and NIST standards
  • Knowledge of current and evolving Information security technologies that cover all levels of IT architecture including those that affect business processes, data, applications, and network and systems infrastructure
  • Mastering Project Management skills is considered as a plus.
  • Education and Certifications (exhaustive) :
  • Undergraduate degree in information systems or computer science.
  • Advanced degree in engineering, Cybersecurity, information assurance, information security, information systems or computer science.
  • National Security Administration Department of Homeland Security certification for NTISSI / CNS standards 4011-4016 (desired).
  • Certified Computer Forensics Examiner (Access Data, SANS).
  • Certified Information Security Systems Professional (CISSP).
  • Certified Information Systems Manager (CISM).
  • Certified in Information Systems Risk Management (CRISC).
  • or theability to work toward obtaining certifications.

    Behaviours

  • Customer focus
  • Highly self-motivated and directed Autonomy
  • Interested in technology / security watch
  • Ability to multitask
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Be convincing even when working with remote teams. Communication skills.
  • Pro-Active don’t wait for acting when identifying a security need
  • SkillRequirements : Common :

    Common :

  • 2 yearsworking in security practices (SOC experience preferred)
  • Self-drivenand motivated, with a team / collaborative style.
  • Team player - Excellent relationship with stakeholders
  • Capable to work with IT outsourcing partners
  • A specialized Diploma or bachelor's degree, or equivalent experience with relevant industry certifications (SSCP, SANS, OSCP etc.)
  • Certifications - One or more of the followingcertifications is highly preferred : CEH, CISSP, CCSP, CRISC, CISA, ECSA, MCSE,etc.
  • Englishproficiency
  • SOC Operations

  • Experiencewithin an enterprise level organization
  • Understandingof the incident response lifecycle at both technical and procedural level;
  • Experienceperforming incident response in the following technologies are preferred : AzureSentinel, Azure log analytics, Symantec EDR, FortiGate, Carbon Black
  • Abilityto solve problems using scripting and automation;
  • Understandingof IT fundamentals across networking, system, and application layers;
  • Abilityto triage incoming escalations and requests appropriately using clearcommunication;
  • Excellentinterpersonal and communication skills in order to share knowledge with peersand to communicate effectively with different stakeholders;
  • Behaviors

  • Customer focus
  • Highly self-motivated and directed Autonomy
  • Interested in technology / security watch
  • Ability to multitask
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Be convincing even when working with remote teams. Communication skills.
  • Pro-Active don’t wait for taking action when identifying a security need
  • Reportar esta oferta de trabalho
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Candidate-se
    Meu e-mail
    Ao clicar em "Continue", autorizo a neuvoo a processar os meus dados e a enviar-me alertas de e-mail, conforme detalhado na Política de Privacidade da neuvoo . Posso retirar o meu consentimento ou cancelar a subscrição a qualquer momento.
    Continue
    Formulário de candidatura