Senior Information Security Analyst (GRC)

Job Description

Job Responsibilities & Competencies

• Develop security architecture and policies based on business needs and risk assessments.
• Coordinate and track information technology and security related external and internal audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Works with auditors as appropriate to keep audit focus in scope, maintains excellent relationships with audit entities and provides a consistent perspective that continually puts the SaaS Acceleration team in its best light. Provides guidance, evaluation, and advocacy on audit responses.
• Perform cyber risk assessments, risk mitigation tracking and reporting of residual risk, security control gap assessments, security architecture reviews, and threat modeling, to identify gaps, recommend solutions, and drive the gaps to completion.
• Develop and maintaining the risk register. Draft and maintain information security standards, policies and best practices.
• Perform and review technical risk assessments; reviews of new and existing applications and systems; reviews of account permissions, computer data access needs, security violations, and programming changes.
• Consult and negotiate with stakeholders to provide information security services to meet internal and/or external customers needs with automated or business improvement solutions consistent with CNS Advanced Technology Group and SaaS Acceleration team plans, standards, and guidelines; define and implement new or revised methods that effectively meet team needs.
• Oversee and/or perform the design, automation, and deployment of security applications and SaaS framework infrastructure program activities.
• Design and plan deployment of continuous automated security compliance capabilities.
• Implement plans of actions and milestones or remediation plans are in place for deficiencies identified during risk assessments, audits, inspections
• Assist with metrics for the Information Security Program.
• Assist with the development of requirements for, and take part in, information security and technology projects.
• Assist research with security compliance requirements.
• Assist with establishing security controls requirements in accordance with applicable laws.
• Perform periodic testing of information resources and supporting security infrastructure to ensure security controls are in place and effective.
• Research, evaluate, and recommend tools and processes for prevention, detection, containment, and remediation of security incidents and/or data security breaches.
• Design, implement and maintain security awareness training and promote security awareness to ensure system security and to improve application, server, and network efficiency.
• Review reports and programs for compliance with industry standards, applicable laws and regulatory and customers requirements.
• Perform other job related duties as assigned.

Your skills and experienceYou have:

• 5 years of full-time experience working in Security & Privacy GRC.
• Industry Certifications such as CISSP, CISA, CRISK, CCAK, PMP, etc

It would be nice if you also had:

• Experience with IT GRC/IRM platforms (ServiceNow, OneTrust, MetricStream, Galvanize, RSA Archer, etc.).
• Knowledge and experience with legal, privacy, regulatory and telco compliance standards such as GSMA, TSR, HITRUST, HIPAA, ISO 27001, SOC2, FedRAMP, GDPR, CCPA, NIST 800 series, CIS Top 20, etc.
• Knowledge of common information security management frameworks, such ITIL, COBIT, COSO, Three Lines of Defense, Common NIST CSF (Cybersecurity Framework).
• Knowledge of the limitations and capabilities of cloud technology and computer systems; technology across all mainstream network, operating system, and application platforms; operational support of networks, operating systems, internet technologies, databases, and security applications; and information security practices, procedures, and regulations.
• Experience with variety of operating systems, Cloud Data Platforms (AWS, Azure, GCP) and Cloud Computing (SaaS, PaaS, IaaS).
• Experience in collaborating with matrixed or multi-discipline teams across the organization in security-related decision-making.
• Experience in overseeing the ongoing development and implementation of policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.
• Experience in leading the development and implementation of the risk management function of the information security program to ensure information security risks are identified and monitored.
• Experience in performing business impact analysis and develop a risk register.
• Experience in recommending programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
• Experience in handling multiple tasks, prioritizing, and meeting deadlines.
• Leadership and project management experience.
• Excellent analytical, interpersonal and communication skills both oral and written.
• Strong attention to detail.
• Self directed/self motivated.
• Result oriented with a hands-on mindset.
• Ability to receive and respond positively to constructive feedback.
• Possessing Agile experience.
• Ability to convey and explain complex technical information to non-technical staff.

What we offerNokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.Nokia is committed to inclusion and is an equal opportunity employerNokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark
• LGBT+ equality & best place to work by HRC Foundation

At Nokia, we act inclusively and respect the uniqueness of people.Nokia s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.Join us and be part of a company where you will feel included and empowered to succeed.Additional Information,

Keyskills :
networkingactive directorychange managementcustomer relationsinformation securitybusiness impact analysissecurity policy developmentinformation security standardsenvironmental impact assessment