IS IT Internal Auditor

The IS/IT Internal Auditor is responsible for supporting risk-based IT Security and Cybersecurity audits, along with contributing to IT SOX (Sarbanes-Oxley) control testing.

This role is designed for professionals looking to build expertise in cybersecurity risk, IT controls, and audit practices, with hands-on exposure to security assessments, infrastructure controls, and compliance testing. The individual will report to the Internal Audit Director and work under the guidance of Audit Lead while supporting global audit engagements.

Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile and transport networks, powered by the innovation of Nokia Bell Labs, we’re advancing connectivity to secure a brighter world. 

Our recruitment process

We act inclusively and respect the uniqueness of people. Our employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.

If you’re interested in this role but don’t meet every listed requirement, we still encourage you to apply. Unique backgrounds, perspectives, and experiences enrich our teams, and you may be just the right candidate for this or another opportunity.

The length of the recruitment process may vary depending on the specific role's requirements. We strive to ensure a smooth and inclusive experience for all candidates. Discover more about the recruitment process at Nokia. 

• Support execution of IT security and cybersecurity audits across systems, infrastructure, and applications
• Assist in evaluating controls related to: Identity & Access Management (IAM) (user provisioning, privileged access), Network security (firewalls, segmentation, configurations), Vulnerability management and patching processes, Logging, monitoring, and incident response controls and data protection (encryption, backup, recovery)
• Perform testing procedures to identify control gaps and document observations
• Support risk assessment activities by identifying potential cybersecurity risks and exposures
• Execute IT SOX control testing (SOX 404), including: IT General Controls (ITGCs): access, change management, IT operations, perform walkthroughs, collect evidence, and validate control effectiveness
• Prepare documentation aligned with Nokia standards and support tracking and validation of remediation actions
• Audit Execution Support - Support audit lifecycle activities like planning (process understanding, walkthrough support), fieldwork (control testing, evidence validation), reporting (draft observations, documentation support), follow audit programs and guidance from senior auditors
• Documentation & Quality - Prepare high-quality audit workpapers with clear linkage between Risks, Controls, Testing procedures, Conclusions and ensure compliance with internal audit documentation standards
• Coordinate with IT and control owners to request audit evidence, Clarify system processes and controls, and escalate issues or delays to senior team members in a timely manner
• Data Analytics & Continuous Improvement (Exposure) - Support use of data analytics tools (Excel, Power BI) for audit testing, participate in initiatives to enhance automation in IT audits and SOX testing

Must Have

• Bachelor’s degree in information technology, Computer Science, MIS or related field with 2+ years of experience in: IT Internal/External Audit OR IT Security / IT Operations with control exposure OR IT SOX / ITGC testing

• Basic understanding of IT Security principles (IAM, network security, patching) and 

  
  

  IT General Controls (ITGCs)

  
  
• Familiarity with enterprise systems (e.g., SAP) is a plus

Good to Have

• Exposure to Cybersecurity frameworks (NIST, ISO 27001), Cloud environments (AWS, Azure)
• Certifications (or pursuing) - CISA, Security+, CEH or equivalent

• Understanding of audit frameworks such as COBIT