Group Security Policy Manager

Group Security (GS) SAS Team is seeking a highly motivated Group Security Policy Manager to lead the development and maintenance of Nokia’s information security policies, standards, and guidelines. 

This role ensures that our information security policies align with security best practices, customer requirements, regulatory requirements, and address the evolving threat landscape.

 

Key Responsibilities

This function will be responsible for the full lifecycle management of policy content, which includes the following responsibilities: 

1. Lead the creation, review, approval, and continuous improvement of information security policies, standards, guidelines, and procedures.
2. Develop, implement, and effectively manage changes to policy content as a Subject Matter Expert (SME)
3. Stay informed on (emerging) information security trends, threats, and regulatory changes, and adjust policy content accordingly. 
4. Respond to the need to develop and implement changes and improvements.
5. Conduct research and analyze complex technical and security information by using various sources, such as: publications available on the Internet
6. Consult GS security-related service SMEs to assess current and emerging threats.
7. Collaborate with other SME stakeholders (within Group Security and other Nokia teams) to develop and review new policy content.
8. Work closely with cross-functional teams (including IT, privacy, compliance, legal, corporate functions, and other business groups) to ensure a unified approach to Nokia’s security policy.
9. Ensure that security policy is consistent with the overall Nokia Strategy & Technology strategy, and that policy content helps implementing security strategies addressing the evolving threat landscape.
10. Conduct the annual review of policy content to address new technology, legal, privacy, and organizational requirements.

Key Tasks for Policy Management

This role oversees the full management lifecycle of Information Security policies:

• Act as a primary point of contact for inquiries related to security policies and procedures.
• Lead Group Security’s Policy Review Governance Meetings, schedule regular meetings, review changes under consideration.
• Manage multiple projects and priorities effectively and manage the approval process.
• Communicate policy changes to the Nokia organization, using internal web postings, Nokia’s enterprise social networking platform, and targeted emails.
• Conduct annual review of policy content (to support ISO 27001).
• Conduct life-cycle management of related documentation, policy website, and policy tools.

Key Tasks for developing policy content as a Subject Matter Expert (SME)

• Develop strong understanding of security frameworks (CIS Controls, CMMC, COBIT, ISO 27001, ITIL, NIST,…) and regulatory requirements (GDPR, SOX,…).
• Stay current on cybersecurity trends and the evolving threat landscape.
• Stay up to date with regulatory changes affecting security policy (EU AI Act, NIS2, CRA,,…).
• Analyze, develop, and implement concepts and solutions as a subject matter expert in cybersecurity and information technology.

Knowledge & Experience

• 5+ years proven experience & track record in supporting security team(s) on information security & technology solution reviews, risk management & technology-related policies & standards.
• Proven leadership skills with the ability to manage cross-functional teams and projects.
• Demonstrated SME expertise in cyber security, information technology, and internal control when developing policy content.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001), threat assessment, and risk management methodologies.
• Knowledge of open-source tools, automated scripts, and manual procedures to discover and mitigate security weaknesses.
• Relevant certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer is a plus.
• Knowledge of security penetration testing, or incident response is a plus.

Professional Skills and Competencies

• Excellent oral and written communication skills (using Business English) to convey complex security concepts to diverse audiences throughout Nokia's organization.
• Display strong interpersonal skills to effectively interact with stakeholders at all levels; build and leverage relationships with peers in a global team-oriented fashion.
• Display excellent analytical, and problem-solving skills.
• Proactive & creative style and working independently with minimal supervision.
• Ability to combine technical expertise with a business-minded approach.
• Ability to interpret industry security publications, laws, and regulations and translate those to align Nokia’s policies, standards, and guidelines.

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.