This role requires strong collaboration with various stakeholders across the organization, including Nokia's Digital Office, IT Operations teams, and external partners. You will play a key part in ensuring the effectiveness, compliance, and continuous improvement of Nokia's overall IT security posture and access control mechanisms according to Nokia Policies and other requirements.

Are you passionate about solving problems and securing critical access and assets?

As part of our team, you will:

• Ensure IT Operations and Service Compliance: Monitor and enforce adherence to Nokia's security policies, regulatory requirements, and industry best practices across IT operations and services, including regular audits and assessments.
• Maintain program documentation and metrics: Create and update guidelines, processes, and reporting materials for access management and compliance. Track key metrics, identify areas for improvement, and propose enhancements to optimize security effectiveness and operational efficiency.
• Manage and enhance access control solutions: This includes overseeing the lifecycle of identity and access management, particularly for privileged accounts, ensuring robust security controls and efficient operations.
• Collaborate with diverse stakeholders: Work closely with Nokia's Digital Office, Business Groups, IT Operations, and external partners to integrate access management best practices and ensure compliance.

Above activities should be done in an innovative way, bringing value to the Business Groups / Central Functions & Digital Office teams through simplification, standardization, and homogenization aligned with industry best practices, while fostering a secure and compliant operational environment.

• Education: Master’s degree in computer science or a related technical field, with specializations in Cybersecurity, Information Assurance, or Information Security.
• English proficiency.
• Experience: 7 years of overall experience in Cybersecurity, with a minimum of 3 years of hands-on experience in Security Services related with Cloud Security, Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions.
• Strong understanding of IAM/PAM principles, access control models (RBAC, ABAC), and identity federation technologies (e.g., SAML, OAuth).
• Proven experience with privileged access technology administration, policy configuration, and integration with various IT systems.
• Experience in IT operations compliance, security auditing, and risk management.
• Experience collaborating with diverse technical and non-technical stakeholders.
• Excellent communication, interpersonal, and presentation skills.
• Ability to work independently and as part of a team.
• Strong analytical and problem-solving skills.

It would be nice if you already have or aspire to pursue:

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Identity and Access Manager (CIAM), or similar.

• Experience with cloud security cloud-based identity and access management solutions.

• Knowledge of scripting languages for automation for example of access management tasks.

• Experience with security frameworks and regulations (e.g., NIST, ISO 27001, GDPR, SOX).

• IT Operations Compliance Monitoring: Conduct regular assessments and audits of IT operations and services to ensure compliance with internal security policies, external regulations (e.g., GDPR, SOX), and industry standards.

• Metrics and Reporting: Develop and maintain key performance indicators (KPIs) to track the effectiveness of access management solutions and compliance posture. Regularly report on performance to stakeholders, highlighting successes, challenges, and areas for improvement.

• Continuous Improvement: Proactively identify opportunities to improve the efficiency, effectiveness, and cost-optimization of access management processes, compliance activities, and vulnerability management. This includes researching industry’s best practices, implementing new technologies, and refining processes.

• Access Management Strategy and Planning: Collaborate in the definition and execution of the overall strategy for Nokia's identity and privileged access programs, aligning them with broader security objectives and business needs. This includes setting program goals, defining scope, and developing a roadmap for continuous improvement.

• Privileged Access Solution Management: Manage and maintain privileged access technologies, ensuring optimal performance, security, and integration with other systems. This includes user management, configuration updates, policy enforcement, and troubleshooting.

• Identity Lifecycle Management: Oversee the lifecycle of identities and access rights, from provisioning and de-provisioning to regular reviews, ensuring the principle of least privilege and segregation of duties are applied.

• Access Control and Governance: Implement and enforce robust access control policies and governance frameworks across Nokia's IT landscape. This includes managing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) where applicable.