Urgent Candidates for GRC Expert

Job Description

Come create the technology that helps the world act together Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world. We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work. The team you ll be part of As N okias growth engine, we create value for communication service providers and enterprise customers by leading the transition to cloud-native software and as-a-service delivery models. Our inclusive team of dreamers, doers and disruptors push the limits from impossible to possible.
• You ll join the fast-growing organization Managed Security Services, leading the Security Services delivered by Nokia and dedicated to secure critical infrastructure against modern day security threats, including disruptive technologies such as Cloud, IoT, virtualization, 5G, etc.
• The Product Line is thus responsible for many activities, such as conceptualization of products, identification of target addressable market, planning & budgeting, business case development, writing customer value proposition and go-to-market strategy, development of sales/pre-sales capability, pushing marketing initiatives, organising delivery models & readiness including program for capability development, incubation of products , market launch, sustenance & growth management as well as P&L governance.
• As part of Managed Security Services Product Line, you ll be able to get involved in these tasks and contribute to the success of this business.
What you will learn and contribute to Job summary: Nokia is looking for a technically sound Governance, Risk & Compliance (GRC) expert to lead, coordinates, communicates, integrates, and be accountable for the overall success of the Security GRC Management Services, with focus on security processes and architecture security design, ensuring alignment with stakeholders. Security process lifecycle, audit, compliance & risk management, resiliency management, third party security governance, data protection & privacy governance activities are effectively delivered and enhanced for future. Main Responsibility Areas: Subject matter expertise (20%):
• Act as technical subject matter expert Security Governance, Risk & Compliance Management Services with deep understanding of data protection & privacy governance activities.
• Ensure a technological watch and competitive analysis on existing commercial and open-source GRC solutions and products.
• Experience of implementation and auditing security controls and its effectiveness based on cybersecurity principles and tenets. (e.g. NIST CSF, ISO27001, ITU-T x.805, NIST SP 800-53 etc.)
• Develop and review policy standards and strategies to ensure procedures and guidelines comply with cybersecurity frameworks, standards & industry benchmark for critical information infrastructures (CII)
• Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring.
Pre-sales support (40%):
• Provide a support to pre-sales technical inquiries, assess the customers requirements, design technical and business-sound solutions, and attend customers meetings to provide technical clarifications and presentations (possibly requiring travelling).
• Review organizations GRC and interact with related disciplines to ensure consistent application of policies and standards across all Security Governance, Risk & Compliance Management Services.
Products development (40%):
• Develop practice and service blueprint around GRC as a service.
• Work closely with product vendors and partners to select and assess new security products, follow-up on their features roadmaps and provide a support to product management s technical inquiries.
• Design, build, implement and test GRC solutions for complex IT and Telecom infrastructures.
• Create technical documentations, presentations and deliver competence development materials and trainings to relevant key stakeholders.
Your skills and experience Technical Competencies:
• Masters or bachelor s degree in computer science or related field such as cyber security or with Minimum 7 years of relevant experience in GRC role
• Knowledge of information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
• Strong project management skills, with the ability to lead and manage GRC projects.
• Experience of performing risk analysis (e.g., threat, vulnerability, and the probability of occurrence)
• Knowledge and understanding of relevant legal and regulatory requirements i.e., Country specific telecom security conditions, CII (Critical Information Infrastructure) regulations etc.
• Excellent written and verbal communication, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
Soft Skills:
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• Must be a critical thinker, with strong problem-solving skills.
Nice to Have:
• Professional security management certification is desirable, such as ISO 27001 (LI/LEA), CISM, CRISC, CISSP, CISA etc
• Knowledge of Vulnerability Management, Penetration Testing principles, Secure configuration and Application Security tools, and techniques.
• Knowledge of network security architecture concepts and principles (e.g., defense-in-depth).
• Sound knowledge of security risk management, cybersecurity technologies and Cloud Security infrastructure a plus
What we offer Nokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered. Nokia is committed to inclusion and is an equal opportunity employer Nokia has received the following recognitions for its commitment to inclusion & equality:
• One of the World s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark
• LGBT+ equality & best place to work by HRC Foundation
At Nokia, we act inclusively and respect the uniqueness of people. Nokia s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect. Join us and be part of a company where you will feel included and empowered to succeed.Additional Information,

Keyskills :
technical subject matterbusiness case developmentcustomer value propositioninformation security managementrisk analysissecurity riskcloud security