Application Security Professional

The Cyber Security Defense Center (CDC) is looking for an Application Security Professional taking up responsibilities in the Operations and Compliance Team.

What you will learn and contribute to
The CDC OC Application Security team mission is to ensure identification and manage inventory of critical assets and executing the required assessments to ensure Confidentiality, Integrity and Availability on Nokia Applications.

In this context, Nokia’s CDC OC team has established a program for Application Security Compliance verification. The Application Security Professional will be active contributor to implement this program, engaging with the Nokia Application Owners, Business Groups partners and other stakeholders with the goal of ensuring that Nokia’s applications are implemented and operated according to the relevant security and privacy requirements.

The Application Security Professional shall also be capable of addressing the challenges regarding the management of Application Security for a large organisation as Nokia, contributing for with the creation, continuous enhancements, and execution of the program and Governance.

As a daily mission, the Application Security Professional will:

• Initiate and follow with Application Owners the defined processes for:
  • Data Classification.
  • Application Security Compliance Questionnaires.
• Ensure correct inventory of applications is maintained and the respective data classification.
• Launch and review E2E execution of Program processes.
  • Review evidence and results from Application Security Compliance Questionnaires.
  • Ensure that Data Classification is properly identified and associated with respective assets.
  • Tracking the findings/non-compliances and follow up remediation's with the respective Application Owners with the objective of ensure compliance to the relevant Nokia’s security policies and operational process for the application domain.
• Support the overall Governance with IT and Business Groups stakeholders
• Reporting the overall Application Security Domain status to All the relevant stakeholders including management and Business Group Security partners.
   

The ‘Application Security Professional is required to have the following Key Competencies:

• Experience of Security Controls and techniques, including Authentication, authorization, encryption, logging, and application security testing, etc.
• Experience of security risk management and cybersecurity domain.
• Experience in Enterprise Architecture and Data Governance practices
• Knowledge of common information security management framework and standards
  • Aware of IT policy, SOX, NSA, GDPR, ISO 27001, Data Privacy requirements.
• Knowledge and understanding of relevant legal and regulatory requirements.
• Familiar with Public Cloud, Cloud-based and AI applications, and deployment models
• Strong Gap Analysis & Security Audit Skills.
• Knowledge of application security including OWASP. 

In the overview below, a series of requirements or expectations are listed. This overview is not to be considered as a need-to-have for all but, in the case a particular expectation cannot be met, it is expected that the applicant is aspiring to (eventually) fulfill the expectation

• BSc or MSc (preferred) degree in computer science or related technical field.
• Have +7 years of experience in cyber security (or equivalent by education and/or interest);
• Having practical/hands-on experience on Application Security or as a Security Architect.
• Experience with GRC and ITSM tools and processes.
• Be able to work in a standalone way with a minimum of guidance and oversight.
• Be fluent in English (oral and written) and engage with discussions with other stakeholders in the organisation.
   

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.