Lead Governance & Risk Management
India
Nokia
As a technology leader across mobile, fixed and cloud networks, our solutions enable a more productive, sustainable and inclusive world.
Group Security (GS), Security Architecture and Solutions (SAS) Team is seeking a highly motivated Lead Governance & Risk Management.
The selected candidate will manage the team responsible for security policies & procedures, risk governance framework and the enterprise risk tooling.
This Governance & Risk Management team:
- Is responsible for the creation, review, approval, and continuous improvement of information security policies, standards, guidelines, and procedures.
- Is responsible for the definition and the governance of Nokia’s risk management framework, including the risk metrics, dashboards and reporting.
- Is responsible for the development, the maintenance and the operations of Nokia’s integrated risk management (IRM) tool.
This function will assume the following responsibilities:
- Day-to-day people & team management of a group of professional & talented policy & risk management experts as well as a team of security software developers operating Nokia’s core IRM tool.
- Establish & work in close relationship with all other SAS sub-teams to facilitate their security risk & compliance posture efforts and enable them to define the right security & compliance priorities in their respective security & compliance domains.
- Work together with cross-functional teams (peers, other corporate functions, & business groups) to define & check the Standard Operating Policy (SOP) implementation, to establish the security risk & compliance governance framework, to define the relevant metrics and to set up the appropriate governance structure.
- Establish & maintain strong relationships with SAS’ strategic security partners for IRM (Archer, ServiceNOW, etc.) to understand their IRM solution portfolio and evolution to assure maximum value creation.
- Manage & drive the Security Risk & Compliance Governance Framework using dedicated risks councils to raise & discuss particular security risk & compliance findings with the responsible (business) stakeholders and determine the appropriate remediation actions to improve the security risk & compliance posture.
- Manage the efforts to create, review, approve, and continuously improve the information security policies, standards, guidelines, and procedures.
- Manage the IRM software development, maintenance and operation. Coach the IRM software development team, which includes proper change request & IRM feature request governance process, agile software development process and minimal customization.
- Manage & provide guidance on how to (constantly) further evolve & refine Nokia’s risk management framework through process and workflow automation, enabling data driven decisions using AI technology, effective cyber risk quantification, etc.
- Stay abreast of the threat landscape evolution as well as new security solution technologies to tune the information security policies & procedures in a timely manner as well as adapt & evolve Nokia’s IRM solution.
- Provide educated opinions on IRM by researching & analyzing various information sources, such as webinars, newsletters, publications, etc.
Key Tasks for Lead Governance & Risk Management:
The following tasks are key activities for the selected candidate:
- Lead, coach & grow your team members and act as anchor point for team related activities.
- Act as a primary point of contact for inquiries related to security policies and procedures, risk management framework and integrated risk management tooling.
- Interact with SAS peers, Group Security and other Nokia stakeholders and demonstrate thought leadership by governing Nokia’s security risk and compliance baseline posture.
- Perform stakeholder management & provide regular guidance on SAS’ security risk framework and policies & procedures.
- Constantly challenge the status quo by exploring new, better and more efficient ways of working.
Knowledge & Experience
- ~10 years of experience & track record in leading, coaching & growing security experts.
- Strong servant leadership skills to manage & drive cross-functional teams/projects.
- Display strong interpersonal skills to effectively interact with stakeholders at all levels; build and leverage relationships with peers in a global team-oriented fashion.
- Proactive & creative style and working independently with minimal supervision.
- Excellent oral and written communication skills (using Business English) to convey complex security concepts to diverse audiences throughout Nokia's organization.
- Display excellent analytical and problem-solving skills.
- Combine technical expertise with a business mindset and be able to discuss, advise and conclude topics at various levels of the organization (up to senior leadership teams).
- Strong understanding of security risk frameworks (e.g., NIST, ISO 27001), threat assessment, and risk management methodologies.
- Ability to interpret industry security publications, laws, and regulations and translate those to align Nokia’s policies, standards, and guidelines.
- Relevant certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer are a plus.
Come create the technology that helps the world act together
Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work.
What we offer
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.
Nokia is committed to inclusion and is an equal opportunity employer
Nokia has received the following recognitions for its commitment to inclusion & equality:
- One of the World’s Most Ethical Companies by Ethisphere
- Gender-Equality Index by Bloomberg
- Workplace Pride Global Benchmark
At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.
Join us and be part of a company where you will feel included and empowered to succeed.
Tags: Agile Automation CISA CISM CISSP Cloud Compliance Governance ISO 27001 NIST Risk management RMF
Perks/benefits: Career development