Family Description

Information Technology (IT) acts as an internal function the developing, running, and maintaining of the IT systems and platforms Nokia is running on. Develops and maintains applications to meet the business needs of the organisation. Covers the performance and monitoring of day-to-day database and system activities as well as the provision of remote support to users regarding hardware and software problems.

Subfamily Description

Cyber Security & IT Compliance (CSI) comprises the provision of security support and services to improve the compliance level / security posture of Nokia. Covers the engagement of stakeholders to bring risks to an acceptable level. This includes identification of risks, gap analysis, mitigation strategies and tracking of the implementation of the agreed actions.

 

Impact

Impact is short-term and usually departmental/project in scope. Accountable for quality, accuracy and efficiency of own and/or team achievements. Actions and errors can have program, project, functional impact.

Scope & Contribution

Individual Contributor: Performs and/or coordinates day-to-day activities to meet departmental/project objectives. Carries out root/cause analysis in more complex problems. Can develop and implement recommendations. Managerial/Supervisory: Direct supervisory responsibilities for people. Typically first level (and lowest level) of solid line management. Carries out variety of complex activities according to plan within broader area of responsibility, analyses problems. Decision-making typically according to established solutions.

Innovation

Accepts responsibility for and demonstrates support for delegated decisions. Requires minimum supervision. Uses non standard approaches to resolving issues. Suggests improvements and seeks opportunities for innovation. Demonstrates initiative & adaptability to changing business environments. Is willing to take on new roles or jobs appropriate to skill set in different environments and/or locations.

Communication

Works to influence others to accept job function’s view/practices and agree/accept new concepts, practices, and approaches. Requires ability to communicate with functional leadership regarding team & technical matters. May conduct briefings with senior leaders within the job function. May at times be required to negotiate regarding operational issues.Has cross-cultural knowledge and global mindset

Knowledge & Experience

Management experience / Achieved advanced skills and knowledge within a specific professional discipline involving the integration of theory and principles with organisational practices and precedents. Typically requires 4-6 years relevant experience and/or a graduate equivalent (or higher) degree.

Proven technical expertise in one or more CS domains, such as Endpoint security, Application security, ERP & Cloud Security, logical security, Network Security, asset management & User access management

Hands on experience with IT sec tools - Qualys, Lab man, Archer, EDR, Palo Alto Prisma & OT - CTD solutions, OT- security concepts (IoT devices, PLC & SCADA devices)

Incident Management and response, scalations of security incidents & remediation plans, understanding of IT infrastructure and policies, including firewalls, user authentication and risk mitigation

Can prepare manufacturing and repair centers with IEC62443 requirements 

Minimum 5 years of relevant experience

• Assesses the compliance, identifies deficiencies, determines risk level, recommends solutions and give guidance and support to ensure Nokia information is protected in line with the Nokia Information Security Policy, done in a cost effective and innovative way bringing value , through simplification, standardization and homogenization.

• Engages with stakeholders and shares knowledge and expertise on the IT security management and related security management perspectives across the organization to ensure IT security management is adequately represented on relevant business and governance forums and is known, well-integrated, and well-respected across the enterprise. 

• Supports business stakeholders to improve their security posture by defining the present risk level, setting the standard which risk is acceptable and defining remediation actions.

• Contribute on cultural change around Information Security. Identify security needs, assess solutions and make suggestions for improvement and prepare the necessary steps so that these needs can be timely addressed. 

• Creates the cyber security view over standard environment of interactions, dependencies and opportunities. 

• Acts as a professional advisor and mentor for staff / workteam / taskforces.

• Contributes to projects in accordance to our corporate processes.