The Nokia CNS SaaS BO Delivery& Ops Framework team is hiring for for planning, implementing, and monitoring security Governance, Risk and Compliance (GRC) program for SaaS information systems and infrastructures and to support day-to-day information security and privacy governance risk and compliance activities and assigned projects to help us defend cloud infrastructure and SaaS applications for services delivered through a centralized SaaS Delivery and Operations framework.

• Develop and maintain security and privacy GRC framework, policies and SOPs based on business needs, risk assessments and privacy impact assessments.
• Perform risk assessments, risk mitigation tracking and reporting of residual risk, control gap assessments, architecture reviews, and threat modelling, to identify gaps, recommend solutions, and drive the gaps to completion.
• Perform and review technical risk assessments; reviews of new and existing applications and systems; reviews of account permissions, computer data access needs, security and privacy violations, and programming changes.
• Perform periodic testing of information resources and supporting infrastructure to ensure security and privacy controls are in place and effective.
• Oversee and/or perform the design, automation, and deployment of security and privacy applications and SaaS framework infrastructure program activities.
• Assist with coordinating and tracking information technology and security and privacy related external and internal audits, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the SaaS team in its best light. Provide guidance, evaluation, and advocacy on audit responses.
• Assist with metrics for the Information Security and Privacy Programs.
• Assist with the development of requirements for, and take part in, information security, privacy and technology projects.
• Assist research with security and privacy compliance requirements.
• Assist with establishing security and privacy controls requirements in accordance with applicable laws.
• Research, evaluate, and recommend tools and processes for prevention, detection, containment, and remediation of security incidents and/or data security breaches.
• Review reports and programs for compliance with industry standards, applicable laws and regulatory and customers\xe2\x80\x99 requirements.
• Perform other job\xe2\x80\x90related duties as assigned.

You have:

• Bachelor\'s degree in Information Security, computer science, business, or a related field, or equivalent in experience and expertise.
• 5 years of full-time experience working in Security & Privacy GRC.
• Industry Certifications such as CISSP, CISA, CIPP, CRISK, CCAK, etc

It would be nice if you also had:

• Knowledge and experience with legal, privacy, regulatory and telco compliance standards such as CSA CCM, CSA STAR, GSMA, TSR, HITRUST, HIPAA, ISO 27001, SOC2, FedRAMP, GDPR, CCPA, NIST 800 series, CIS Top 20, etc.
• Knowledge of common information security management frameworks, such ITIL, COBIT, COSO, Three Lines of Defense, Common NIST CSF (Cybersecurity Framework).
• Experience with variety of operating systems, Cloud Data Platforms (AWS, Azure, GCP, OCI) and Cloud Computing (SaaS, PaaS, IaaS).
• Experience in collaborating with matrixed or multi-discipline teams across the organization in security-related decision-making.
• Experience in handling multiple tasks, prioritizing, and meeting deadlines.
• Excellent analytical, interpersonal and communication skills both oral and written.
• Strong attention to detail.
• Self\xe2\x80\x90directed/self\xe2\x80\x90motivated.
• Ability to receive and respond positively to constructive feedback.
• Possessing Agile experience.
• Ability to convey and explain complex technical information to non-technical staff.

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people\xe2\x80\x99s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer

Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World\xe2\x80\x99s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia\xe2\x80\x99s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.



Join us and be part of a company where you will feel included and empowered to succeed.