Nokia Group Security Policy Manager 

Portugal 

431290623

This role ensures that our information security policies align with security best practices, customer requirements, regulatory requirements, and address the evolving threat landscape.

Key Responsibilities

This function will be responsible for the full lifecycle management of policy content, which includes the following responsibilities:

1. Lead the creation, review, approval, and continuous improvement of information security policies, standards, guidelines, and procedures.
2. Develop, implement, and effectively manage changes to policy content as a Subject Matter Expert (SME)
3. Stay informed on (emerging) information security trends, threats, and regulatory changes, and adjust policy content accordingly.
4. Respond to the need to develop and implement changes and improvements.
5. Conduct research and analyze complex technical and security information by using various sources, such as: publications available on the Internet
6. Consult GS security-related service SMEs to assess current and emerging threats.
7. Collaborate with other SME stakeholders (within Group Security and other Nokia teams) to develop and review new policy content.
8. Work closely with cross-functional teams (including IT, privacy, compliance, legal, corporate functions, and other business groups) to ensure a unified approach to Nokia’s security policy.
9. Ensure that security policy is consistent with the overall Nokia Strategy & Technology strategy, and that policy content helps implementing security strategies addressing the evolving threat landscape.
10. Conduct the annual review of policy content to address new technology, legal, privacy, and organizational requirements.

Key Tasks for Policy Management

This role oversees the full management lifecycle of Information Security policies:

• Act as a primary point of contact for inquiries related to security policies and procedures.
• Lead Group Security’s Policy Review Governance Meetings, schedule regular meetings, review changes under consideration.
• Manage multiple projects and priorities effectively and manage the approval process.
• Communicate policy changes to the Nokia organization, using internal web postings, Nokia’s enterprise social networking platform, and targeted emails.
• Conduct annual review of policy content (to support ISO 27001).
• Conduct life-cycle management of related documentation, policy website, and policy tools.

Key Tasks for developing policy content as a Subject Matter Expert (SME)

• Develop strong understanding of security frameworks (CIS Controls, CMMC, COBIT, ISO 27001, ITIL, NIST,…) and regulatory requirements (GDPR, SOX,…).
• Stay current on cybersecurity trends and the evolving threat landscape.
• Stay up to date with regulatory changes affecting security policy (EU AI Act, NIS2, CRA,,…).
• Analyze, develop, and implement concepts and solutions as a subject matter expert in cybersecurity and information technology.

Knowledge & Experience

• 5+ years proven experience & track record in supporting security team(s) on information security & technology solution reviews, risk management & technology-related policies & standards.
• Proven leadership skills with the ability to manage cross-functional teams and projects.
• Demonstrated SME expertise in cyber security, information technology, and internal control when developing policy content.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001), threat assessment, and risk management methodologies.
• Knowledge of open-source tools, automated scripts, and manual procedures to discover and mitigate security weaknesses.
• Relevant certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer is a plus.
• Knowledge of security penetration testing, or incident response is a plus.

Professional Skills and Competencies

• Excellent oral and written communication skills (using Business English) to convey complex security concepts to diverse audiences throughout Nokia's organization.
• Display strong interpersonal skills to effectively interact with stakeholders at all levels; build and leverage relationships with peers in a global team-oriented fashion.
• Display excellent analytical, and problem-solving skills.
• Proactive & creative style and working independently with minimal supervision.
• Ability to combine technical expertise with a business-minded approach.
• Ability to interpret industry security publications, laws, and regulations and translate those to align Nokia’s policies, standards, and guidelines.

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark