Job Description

The GRC L3 Expert in Managed Security Services (MSS) is a role responsible for ensuring that all security operations align with regulatory requirements, business policies, and risk management strategies. You will play a critical role in aligning security services with client business objectives, improving organizational security posture, and ensuring continuous compliance with telecom-specific frameworks.



Act as the primary GRC Subject Matter Expert for telecom infrastructure, providing expert guidance and leading audits, risk assessments, and compliance reviews across various network environments (RAN/Core/Transport/IN/IMS/Cloud/NFV). Define and mature GRC processes specifically tailored to telecom network operations, including assurance models, compliance scorecards, and audit readiness plans. Lead and manage diverse internal and external telecom security audits, such as DoT, TRAI, CERT-In, ISO 27001/27011, and CAG, ensuring timely closure of all findings. Perform comprehensive control validation, evidence review, gap analysis, and remediation planning for audit findings and regulatory observations. Interpret and ensure strict compliance with Digital Personal Data Protection Act (DPDPA) requirements for telecom operators, including data fiduciary obligations, privacy-by-design, and conducting personal data risk assessments (PD-RAs) and DPIAs. Validate the implementation and effectiveness of security controls across all telecom network components (e.g., RAN, vRAN, O-RAN, Core, Cloud/Virtualized), ensuring adherence to hardening standards and cybersecurity guidelines. Drive compliance requirements and review change management activities across various cross-functional telecom teams, including Network Operations, RF, Core Engineering, Cloud Ops, and IT Security. Own the creation and maintenance of critical security documentation, such as policies, risk registers, and audit trackers, and provide management-level reporting on risk posture, compliance maturity, and audit readiness.

Must-Have Qualifications:

Over 8 years of experience in Governance, Risk, and Compliance (GRC), with at least 5 years specifically in Telecom or Managed Security Services (MSS). Deep technical understanding of telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Proficiency in security technologies such as Firewalls, SIEM, and encryption. Bachelor's or master's degree in Computer Science, Information Security, or Telecommunication Engineering. Exceptional stakeholder management and strong analytical thinking skills. Demonstrated ability to translate complex technical risks into clear business impact for executive audiences.

Nice-to-Have Qualifications:

Possession of professional certifications such as CISM, CISA, CISSP, or CRISC. Certification as an ISO 27001 Lead Auditor.

Advancing connectivity to secure a brighter world.

Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile and transport networks, powered by the innovation of Nokia Bell Labs, we're advancing connectivity to secure a brighter world.


Learn more about life at Nokia .

Our recruitment process

We act inclusively and respect the uniqueness of people. Our employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.


If you're interested in this role but don't meet every listed requirement, we still encourage you to apply. Unique backgrounds, perspectives, and experiences enrich our teams, and you may be just the right candidate for this or another opportunity.


The length of the recruitment process may vary depending on the specific role's requirements. We strive to ensure a smooth and inclusive experience for all candidates. Discover more about the recruitment process at Nokia .