Security Risk and Compliance Expert

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers.
- Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance.
- Conduct risk assessments with global stakeholders to evaluate and report information security risks.
- Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders.
- Provide recommendations for security risk mitigation strategies tailored to different business groups.
- Create, update, and maintain ISMS documentation and a repository of reports and audit records.
- Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture.
- Collaborate with cross-functional teams to identify evolving security trends and compliance requirements.
- Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness.

**You have**:

- Master's or bachelor's degree in computer science, security engineering, or equivalent
- 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies
- Practical knowledge of ISO/IEC 27001:2022 standard implementation
- Excellent documentation and communication skills

**It would be nice if you also had**:

- Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2
- Experience delivering information security training
- Familiarity with RSA Archer and Microsoft Power BI or other GRC tools
- Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA).

**Come create the technology that helps the world act together**

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

**What we offer**

Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

**Nokia is committed to inclusion and is an equal opportunity employer**

Nokia has received the following recognitions for its commitment to inclusion & equality:

- One of the World’s Most Ethical Companies by Ethisphere
- Gender-Equality Index by BloombergWorkplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.