Senior Security Governance Risk and Compliance Expert
ST Strategy & Technology
Amadora, Portugal, Portugal
1 day ago

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.

We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work.

The team you'll be part of

Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value.

We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.

Part of Strategy & Technology, Group Security is Nokia’s central knowledge center responsible for Nokia’s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring and alerting of security incidents.

We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.

Together we take care of Nokia’s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond.

What you will learn and contribute to

We are looking for a Security Operational Compliance expert that can take on the overall responsibility for the day-to-day organization, oversight, tools, and operation of the Security Operational Compliance that is part of the Risk Management Process.

Over the past years, Cyber Security has become more and more a key strategic asset for companies, in which they invest significantly to secure their core business.

Hence, Nokia’s Group Security team mission is to assure that Nokia’s (sensitive) data is not stolen, erased, or exposed through malicious actions, and that the way Nokia conducts business is in line with regulatory and customer security requirements.

At the same time, the team needs to assure that employees still have the means to do their daily work in an effective way.

During 2022, Nokia’s Group Security Team further invests in Governance, Risk and Compliance expertise, solutions and techniques.

The main drivers are:

  • the evolving concerns from governments and customers that translate into a growing compliance requirements landscape;
  • the need to embed the best practices underneath into the Nokia environment so that compliance becomes a differentiator for Nokia products and services;
  • to establish this in a way that the overhead which typically comes with compliance is limited: the work that employees have to perform, and the effort in customer and regulatory audits.

In this role, you will become part of the Group Security Governance, Risk and Compliance Team.

Key accountabilities include:

  • Own and maintain the Operational Compliance Management Process
  • Ensure that all the involved stakeholders perform the necessary actions to make all the non-compliances progress through the workflow
  • Ensure all Operational Compliance Findings and Risk Records are tracked and addressed by the involved teams and stakeholders
  • Manage and align with group security teams all the risks and non-compliances on their scope, by providing compliance advisory support to operational and business areas, as well as to the Senior Management team
  • Manage and align with Nokia’s service providers all the risks and non-compliances on their scope ensuring these are tracked and addressed by suppliers, and improvement of KPIs and metrics.
  • Escalate and help to mitigate non-compliance issues and risks if identified
  • Participate in risk management strategies to avoid non-compliance and file compliance reports.
  • Support any team / person involved in the Operational Compliance Management Process
  • Educate and provide awareness of the Operational Compliance Management process to any person that needs it across the company
  • Create, communicate, and present monthly reports to the several Group Security Teams
  • Create and communicate monthly reports to the Top management

Your skills and experience

You have:

  • 5 to 8 years of previous experience in Security Risk Management, Security Compliance and Information Security Management and / or related functions (such as IT audit and IT Risk Management)
  • Significant awareness of relevant compliance requirements and good knowledge of ISMS, Security Policies and Controls Framework implementation.
  • Experience with security control and risk frameworks, performing compliance and risk assessments
  • Good knowledge of security operational activities and advice on appropriate steps or activities to guarantee compliance with security policies, law and regulatory requirements
  • Comprehensive knowledge of security operational processes for infrastructure and application management and IT engineering techniques (e.g. patch management, logging and monitoring, network management, disaster recovery, etc.)

  • Experience in gathering of metrics and reporting to all levels within the organization with proven organizational and follow-up skills
  • Ability to implement workflows that support business processes and reduce overhead
  • Ability to properly manage the relationships with suppliers / partners to assure levels of Security & Compliance capabilities are commensurate
  • Excellent documentation skills for process definition, reporting and executive communication
  • Fluency in English

It would be nice if you also had:

  • Experience with RSA Archer or other GRC tools, data analytics and reporting tools (PowerBI, )
  • Knowledge of the typical authoritative sources in the context of compliance (NIST, SOX, ISO, GDPR, )
  • Knowledge of information security concepts at the scale of a large, multinational enterprise
  • Education (non-exhaustive): Degree in information systems or computer science or equivalent by experience; Advanced degree in engineering, Cybersecurity, information assurance, information security, information systems or computer science
  • Certifications or the ability and motivation to work toward obtaining similar certifications (non-exhaustive): Certified as CISM, CISA, CISSP, CRISC, ISO27001 Lead Auditor, Lead Implementer

    What we offer

    Nokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

    Nokia is committed to inclusion and is an equal opportunity employer

    Nokia has received the following recognitions for its commitment to inclusion & equality :

  • One of the World’s Most Ethical Companies by Ethisphere
  • Gender-Equality Index by Bloomberg
  • Workplace Pride Global Benchmark
  • LGBT+ equality & best place to work by HRC Foundation

    At Nokia, we act inclusively and respect the uniqueness of people.

    Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.

    We are committed to a culture of inclusion built upon our core value of respect.

    Join us and be part of a company where you will feel included and empowered to succeed.
