Cloud Security Operations and Compliance Professional

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world. 

We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work. 

Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia. 

Part of Strategy & Technology, Group Security is Nokia’s central knowledge center responsible for Nokia’s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring, alerting of security incidents.

We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.

Together we take care of Nokia’s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond. 

For this position you’ll be part of Group Security Cyber Defense Center working as a Cloud Security Operations and Compliance Professional and will be interacting with Nokia’s Digital Office, Business Groups, IT Operations teams, and other partners in the governance of security services verifying compliance of implementation to Nokia’s Security Policies and collaborating with other Group Security teams on the implementation of new technologies, threat detection/monitoring and Security Strategy.  

As part of our team, you will: 

Support the availability, integrity, and security of ongoing Security Services operations.

• Support the availability, integrity, and security of ongoing Security Services operations.
• Monitor and assess the compliance to the Nokia Information Security Policies and govern the Security Operations both for Private and Public Cloud Environments
• Define, Implement and Evaluate the maturity of the security services delivered by the different teams across Nokia organization (Digital Office, Business Groups, IT suppliers and other partners)

The Cyber Security Operations and Compliance Professional will setup a strong governance for each of the security services in his portfolio and by using the compliance, maturity assessment and other tools, identify deficiencies, determine risk level, recommend solutions, and give guidance & support where it comes to execution of the security services.

Above activities should be done in a cost effective and innovative way bringing value to the Business Groups / Central Functions & Digital Office teams through simplification, standardization, and homogenization.

The Key accountabilities for this role include:

• Ensure flawless execution of the security services provided by the delivery teams.
• Definition of Services and compliance tools.
• Defining relevant services status reports, including metrics and KPI and implementation.
• Delivery of compliance reports, maturity assessments.
• Gap analysis and drive delivery and implementation of improvement plans.
• Governance and reporting.
• Technical management of Vendors, Suppliers, and IT teams in the implementation of Security Controls and Security Services.
• Interface to Nokia Business Units, Nokia IT Tower leads (Connectivity, Enterprise Computing, Applications, End User Computing), Security Suppliers, Business Groups and other third parties for the Security Compliance Governance.
• Collaboration and Communication: Working effectively with cross-functional teams including developers, operations, and management.
• Strong communication skills for reporting security compliance status
   

You Must have: 

• Education: Master’s degree in computer science or related technical field. Cybersecurity, information assurance or information security specializations are a bonus.
• English proficiency
• Experience: Minimum of 2 years of relevant professional experience required in development and/or security practices including some of domains listed hereunder:
  • Cloud Architecture and Design

 

• Understanding of cloud infrastructure, service models (IaaS, PaaS, SaaS), and deployment models (public, private, hybrid).
• Knowledge of cloud architecture frameworks and design principles.
• Configuring and managing virtual private networks (VPNs), firewalls, and security groups.
• Understanding of secure network architecture and zero trust networking principles.
  • Cloud Compliance
    • Implementation of security controls and best practices for cloud environments.
    • Knowledge of regulatory requirements and standards (e.g., GDPR, HIPAA, PCI-DSS) relevant to cloud security.
  • Vulnerability Management
    • Maintain knowledge of the threat landscape and evaluate, rate, and perform risk assessments on assets.
    • Knowledge of vulnerability scoring systems (CVSS/CMSS)
    • Good understanding of patching (Eg: IaaS, PaaS, SaaS)
  • Identity and Access Management (IAM)
    • Designing and managing IAM policies and procedures.
    • Experience with role-based access control (RBAC), multi-factor authentication (MFA), and single sign-on (SSO).
  • Security Automation and Orchestration
    • Automating security processes using tools and scripts (e.g., Terraform, CloudFormation, Ansible). Understanding of CI/CD implementation and operation.
    • Experience with Security Orchestration, Automation, and Response (SOAR) tools. 
  • Data Protection and Privacy
  • Logging and Monitoring
  • Risk Management:
  • Data analytics technologies & methodologies. Advanced reporting techniques (e.g. PowerBI)
  • Regulatory & Standards
    • Knowledge of information security regulations: PCI, GLBA, and Safe Harbor
    • Knowledge of various industry and government strategies and standards in privacy and security including ITIL, COBIT, ISO 27001, and NIST standards
  • Knowledge of current and evolving Information security technologies that cover all levels of IT architecture including those that affect business processes, data, applications, and network and systems infrastructure.

It would be nice if you also have relevant Security/Cloud certifications or the ability to work toward obtaining them.

• Certified Cloud Security Professional (CCSP)
• Certified Information Security Systems Professional (CISSP)
• Certified Information Systems Manager (CISM)
• Certified in Information Systems Risk Management (CRISC)
• AWS Certified Security
• Google Professional Cloud Security Engineer
• Microsoft Certified: Azure Security Engineer Associate
• GIAC Certified Cloud Security Automation (GCSA)
• Security Alliance's Certificate of Cloud Security Knowledge (CCSK)
   

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.