The security and privacy manager will be responsible for coordination of implementation and maintenance of security controls in accordance with corporate policies and programs, including mitigation information security risks in accordance with Nokia’s cyber security standards.
 

• Document assessment results to define mitigation actions to reduce the risk to an acceptable level
• Collaborate with services delivery teams to integrate security good practices and threat modelling into the software development lifecycle, continuously improve security testing methodologies, processes 
• Collaborate with MN teams to ensure compliance with industry standards (National Security Agreement, ISO 27001, NIST, CRA, GDPR, etc.).

• Ensure appropriate communication of policies, standards, and processes are regularly occurring throughout the enterprise.

  
  
• Develop and iterate security baseline, best practices, processes and security documentation
• Support corporate special security programs (e.g. Special Information Protection)
• Participate in management meetings to influence application and infrastructure roadmap for security
• Identify key issues with security for customer contracts and translate to controls which need to be implemented

• Validate security posture of data processing solutions provided by external vendors (e.g. 3rd part software, SaaS, IaaS) 

  
  

You have 

• Bachelors/master’s degree in computer science, network security, engineering or equivalent with Minimum 5 to 10 Yrs experience in managerial cyber/information security position

• Knowledge of current communications industry, cyber security, IP networks, system engineering quality/security standards and ISO, NIST, SOC frameworks.

  
  

  Knowledge of TCP/IP services/protocols (especially “http”), networking, emerging technology trends and system integration.

  
  

  ISO27001 – very good understating and practical implementation experience in standard implementation and audits.

  
  
• Security certifications (ISO27001 implementer/auditor, CISA, CISSP)
• Experience working with service providers, enterprise/IT or other Nokia customers

• Experience with Nokia service delivery organization

  
  

It would be nice if you had:

• Basic knowledge of configuration security mechanisms in modern OS, DBs

  
  

• Good understanding genesis of most common security variabilities in applications (preferable knowledge about Top Ten Risk by OWASP), infra, cloud solution

  
  

• Knowledge related with planning and execution application security scans, planning remediation actions and coordination of mitigations implementation 

  
  

• ITIL Information Security area good knowing