We create the technology to connect the world. Powered bythe research and innovation of Nokia Bell Labs, we serve communications serviceproviders, governments, large enterprises and consumers with the industry'smost complete, end-to-end portfolio of products, services and licensing.
We adhere to the highest ethical business standards as we create technologywith social purpose, quality and integrity. Nokia is enabling theinfrastructure for 5G and the Internet of Things to transform the humanexperience.
The vision of Nokia IT is to be a trustedbusiness partner delivering value for Nokia. In line with this, NokiaIT follows three strategic pillars : to Simplify via integration andstandardization;
to Enable the business as a strong business partner; to Partner to develop internal competence and establish Nokia’s digitalplatforms.
The Cyber-Security team protectsthe Nokia organization from exposure to information breaches and cyber-attackswith the aim of minimizing operational and reputational risk.
It develops and delivers aconsistent set of frameworks and activities including demonstrating riskmanagement in line with Nokia business and regulatory expectations.
Nokiacustomers have clear expectations on the level of security and compliance inour products and services. For Nokia it is essential that we keep ourIntellectual Property, secret and confidential data, and employee informationsufficiently protected against cyber-attacks.
This hiring is for the team leadof the Cyber Security Analysis and Advisory Team which assesses new projects,and changes in our environment to ensure that they are in line with the Nokiasecurity policies, standards, and baselines.
TheCyber Security team works with the IT delivery teams and business partners toachieve compliance and select suppliers, and architectures that are secure bydesign.
Weassess proposed IT and business solutions, detect security gaps and issues,evaluate the risks for the company, propose solutions to mitigate or remediatethose risks, and provides a recommendation for the final risk decision.
TheCyber Security team works together closely with the IT teams and businessstakeholders, and participates in the governance of the IT suppliers, toguarantee the quality of the security services that are delivered to Nokia.
This role will act in anenvironment which is rapidly evolving from traditional IT to digital cloudbased. Developments are agile, in a variety of DevOps structures.
So an indepth understanding of these technologies and development methodologies isessential.
As Analysis & Advisory Team lead you will :
Structureand optimize the work of the Analysis & Advisory team.
Workwith the IT infrastructure and applications teams, our IT suppliers, and theBusiness Groups to effectively manage changes in our environment according tothe Nokia security policies, standards and baselines.
Assesscompliance and residual risk, provide recommendations and support theorganization with the management of threats.
Continuouslyimprove the processes and technologies to assist the delivery of the teamservices
Keep abreast of the evolution of threats,vulnerabilities, and technologies to ensure that Nokia Cyber Security achievesthe level of maturity in cyber security that is expected by our customers.
Keyaccountabilities include :
Team and people lead for the Analysis & Advisory team.
Manage the key areas of Analysis and Advisory :
Follow up of the IT projects, work orders and assess solutions against the Nokia policies.
Risk assessments of residual risks and explain to the risk owners, with recommendations
Predictive threat intelligence
Work with suppliers for security assessments.
Interface to Nokia Business Groups, Nokia IT team leads, and third-party service suppliers.
Assess new capabilities in this area andpossible direct their introduction in the Nokia environment.
Five plus years relevant work experienceincluding telecommunications service provider and telecommunicationsmanufacturing industry experience.
Three to five years of experience in auditing,compliance testing, project riskmanagement, security or other internal controls.
Extensive experience in information security technologiesand techniques from architecture to planning and implementation.
Extensive experience in organizing teams,establishing priorities, and leading IT related customer information securityrelated projects.
Knowledge of various industry and governmentstrategies and standards in privacy and security including ITIL, COBIT, ISO27001, and NIST standards.
Knowledge of current and evolving Informationsecurity technologies that cover all levels of IT architecture including thosethat affect business processes, data, applications, and network and systemsinfrastructure.
Must have superior written, verbal and oralcommunication skills.
Must have the ability to work independently in afast paced environment and demonstrate a track record for completing work in atimely and organized fashion.
Ability to work able to work independently aswell as in a team
Good attention to detail.
Willing to travel inline with the requirements of the role
Highly self-motivatedand directed Autonomy
People management,team builder.
Interested intechnology and security watch
Ability to multitask
Ability to effectivelyprioritize and execute tasks in a high-pressure environment.
Be convincing includingwhen working with remote teams
Pro-Active don’tawait taking action when identifying a security need
Role Related Expertise Qualifications, Knowledge & Experience Required
Graduate degree in information systems or computer science .
Advanced degree in engineering, Cyber Security, information assurance, information security.
Certified Information Security Systems Professional (CISSP).
Certified Information Security Manager (CISM).
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC).
or the ability and motivation to work towardobtaining certifications.
Education - Master’s degree in computer science or related technical field.
Experience - Minimum of 2 years of relevant professional experience required.
Certifications - One or more of the following certifications is highly preferred : CEH, CISSP, CCSP, CRISC, CISA, ECSA, MCSE, etc.
Other Skills :
Strong technology insight with a full appreciation of how technology can enable positive business change
Knowledge of office productivity tools (e.g. O365), ERP and CRM Systems (e.g. SAP, Ariba, Salesforce) Public Could solutions (Azure, AWS, Google Cloud)
Strong IT skills including knowledge on hardware, software, networks, and data centers.
Practical knowledge of network security, networking concepts and architectural implementations
Practical knowledge on vulnerability testing & the capability to define mitigations
Practical knowledge of application and database security / ethical hacking desirable
Capable of performing stand-alone penetration tests desirable
Interest in developing knowledge in other security related areas and domains
Attention to details, excellent problem solving and follow-up skills required
Team player - Excellent relationship with stakeholders
Capable to work with IT outsourcing partners
Ability to convey technical security concepts to non-technical audience
Compliance, Assurance and Security expertise at an enterprise and global scale
Proficient in English