Senior Security Specialist

We are looking for a Senior Security Specialist who can take responsibility for implementing and operating the global Information Security Management System (ISMS) of Nokia. You will play a key role on supporting Nokia Business Groups and Corporate Functions to identify, evaluate, manage, and report their information security risks. This is to enhance the overall security and compliance of services provided to our customers.

The Technology and AI function lays the path for Nokias future technology innovation and identifies the most promising areas for Nokia to create new value. We set the companys strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.

You will be part of Group Security team within Technology and AI. We own Nokia-wide security policies, programs, management testing and reporting. Partner with various stakeholders to identify security requirements, trends and evolving risks, and act as an advisor to our customers, Business Groups, and other stakeholders in various security related matters.

• Facilitate information security control implementation and conduct risk assessments with global stakeholders
• Review and provide recommendations for security risk mitigation strategies
• Maintain and develop information security risk register.
• Track, report and present risk assessment and mitigation progress
• Collect data for Key Performance Indicators (KPIs) to measure ISMS effectiveness.
• Maintain repository of ISMS reports, evidence and audit records
• Develop and deliver trainings on ISMS practices
• Develop, review and update ISMS related documentation
• Actively contribute to the continuous development of Nokia ISMS and related tools
• Stay up to date with emerging security trends, threats and best practices.

Qualifications

You have:

• Education: Masters or bachelors degree in computer science, security engineering or equivalent.
• 5+ years of experience in information security and/or related functions in a multinational organization
• Practical knowledge of ISO/IEC 27001:2022 standard implementation.
• Solid understanding of information security processes and technologies
• Ability to manage complex activities in global and diverse business environment
• Advisory skills to guide the organization towards compliance with information security requirements

It would be nice if you also had:

• Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2
• Experience delivering information security training
• Familiarity with RSA Archer and Microsoft Power BI or other GRC tools
• Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA).