GRC SME

1 month ago


Lannion, France NOKIA Full-time

About Cloud & Network Services

Cloud and Network Services is a leading Nokia business group that offers Network solutions on Core, Business and Enterprise segments, as well as Cloud solutions and Cognitive Services. It is a newly formed business group that includes most of the former Nokia Software business, Nokia’s enterprise solutions, core network solutions including both voice and packet core, and managed and advanced services from its former Global Services unit. This unit will also act as a delivery channel of certain products from other business groups to enterprise customers. Cloud and Network Services (CNS) will target growth by leveraging the industry transition to cloud-based delivery, network-as-a-service business models, and software-led value creation.

**Job Description**:
Leads, coordinates, communicates, integrates, and is accountable for the overall success of the Security Governance, Risk & Compliance Management Services, with a focus on security processes and architecture security design, ensuring alignment with stakeholders. Ensures that security process lifecycle, audit, compliance & risk management, resiliency management, third-party security governance, and data protection & privacy governance activities are effectively delivered and enhanced for the future.

Job Responsibilities & Competencies

Main Responsibility Areas:

- Create and review policy standards and strategies to ensure procedures and guidelines comply with cybersecurity frameworks, standards & industry benchmarks.
- Participate in security governance process to provide security risks, mitigations, and input on other technical risks.
- Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of risk areas.
- Assess security controls and their effectiveness based on cybersecurity principles and tenets (e.g., NIST CSF, ISO 27001, ITU-T X.805, NIST SP 800-53, etc.).
- Provide regular reporting of the security program to relevant stakeholders.
- Facilitate security risk, legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Perform review & analysis with stakeholders to help establish the lessons learnt, create & update new/existing processes & procedures to mature the Security Governance, Risk & Compliance Management Services.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Develop the Frameworks
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate decisions for appropriate resource allocation, and increase security maturity, and review it with stakeholders.
- Ensure secure architecture and security are built in by design in security GRC services.

Operate the Function
- Oversee policy standards and strategies to ensure procedures and guidelines comply with cybersecurity frameworks, standards & industry benchmarks.
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
- Ensure effective delivery for Application Security, Penetration Testing, Secure configuration, Vulnerability Management and Data security projects.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance for necessary audit & compliance activities.
- Facilitate security risk, legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Perform review & analysis with stakeholders to help establish the lessons learnt, create & update new/existing processes & procedures to mature the Security Governance, Risk & Compliance Management Services.

**Qualifications**:
Key Competencies:

- Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
- Sound knowledge of security risk management and cybersecurity technologies
- Strong knowledge of Cloud Security driven by AI
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- Must be a critical thinker, with strong problem-solving skills
- Experience with contract and vendor negotiations
- Excellent stakeholder management skills
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
- Perform risk analysis (e.g., threat, vulnerability, and the probability of occurrence)
- Promote awareness of security issues among management
- Knowledge and understanding of relevant legal and regulatory