What are the responsibilities and job description for the Head of Product Security position at NOKIA?
Come create the technology that helps the world act together
Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work.
The team you'll be part of
Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.
Part of Strategy & Technology, Group Security is Nokia’s central knowledge center responsible for Nokia’s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring and alerting of security incidents.
We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.
Together we take care of Nokia’s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond.
What you will learn and contribute to
The Head of Product Security has a Nokia wide responsibility that spans the product portfolio of Nokia’s Business Groups (BGs): Mobile Networks, Network Infrastructure and Cloud and Network Services.
In this function you are responsible for ensuring that Nokia’s portfolio is compliant with customer and regulatory security requirements so that security remains one of our differentiators in the markets we operate in.
This has two important aspects: 1/ tight cooperation with and support of the Business Groups by providing expertise, direction, platforms, and services; and 2/ establishing the company-wide governance on product security.
The Head of Product Security is responsible for all aspects of the people and budget management to ensure that skills and expertise remain very high to keep product security aligned with customer expectations.
As part of our team, you will:
- Follow up on and anticipate customer security requirements and security regulation, for all the markets where Nokia is active, and for the different customer segments (Telecom providers, Enterprise, Government).
- Define the ‘Design for Security’ (DFSEC) process and environment, and continuously evolve it in line with the evolving customer requirements and regulation. The DFSEC process leads the Nokia product R&D teams through architecture, design, development and test of new products and product features.
- Evolve and maintain the vulnerability management platform (‘VAMS’) for the Nokia product portfolio. This platform allows the Nokia product lines to identify vulnerabilities in the product and ensures fast disclosure to our customers. This is especially important to address the fast growth in vulnerability disclosure for open-source and third-party SW components.
- Identify and evangelize best practices for product security both externally and internally to Nokia and ensure that they are adopted as appropriate.
- Identify tools, platforms and technologies that support the DFSEC and VAMS processes.
- Provide test automation support towards the Business Groups.
- Maintain and evolve the Product Security Incident Response Team (‘PSIRT’) function which communicates vulnerabilities to customers and assists customers in case of security incidents with Nokia products involved.
- Create and maintain training on product security for all Nokia product lines. Build on the multi-stage training curriculum (Orange, Purple, and Black Belt) to keep up with best practices and customer requirements. Awareness creation through multimedia channels (videos, Yammer posts, white papers, …).
- Grow the ASTaR lab (‘Advanced Security Testing and Research lab’) in Dallas which is Nokia’s end-to-end security testing with a focus on 5G solutions. This involves ASTaR overall management, prioritization of test scenarios in cooperation with the BGs, test execution, and result delivery. It also includes cooperation with other, external labs.
- Define the product security strategy and multi-year roadmap in close cooperation with the Business Groups.
Product security team management aspects
- People management of 50 people, in different locations worldwide. This includes performance evaluation, personal and team development plans, leadership and technical career discussions and planning, teambuilding, organizational architecture and promoting collaboration within Group Security, Strategy & Technology, and with other teams in Nokia (see further).
- Yearly budget preparation for the OPEX and headcount that is needed to realize the yearly roadmap. Discussion with the BGs on content, priorities, and funding. Close follow-up of the budget throughout the year.
Your skills and experience
You have:
- Expertise in all aspects of Software development, delivery and maintenance; preferably as technical lead of advanced SW development R&D teams.
- Passion for secure SW development, including the selection, and life cycle management of open-source and third-party SW components.
- Supreme technical and security skills in the wide area of telecom products: functionality, interaction, development, testing, release, maintenance, vulnerability management.
- Great communication and interpersonal skills to work closely with the different teams across Nokia, including Business Groups, and Central Functions.
- Conflict management
- Good influencing skills
- Establish and operate an effective governance at the strategic, tactical, and operational level. This is embedded in the larger security governance Group Security has with the Business Groups.
- People leadership.
- Ability to demonstrate creation and use of a structured methodology for change management and change measurement
- Good capabilities for platform (e.g., VAMS, DFSEC Compliance Tool) development: feature identification, prioritization, commitment on the platform roadmap, and maintenance.
- Interest and understanding of cloud technologies which are increasingly the underlying technology of modern telecom products. This includes the use of public cloud, native cloud capabilities, containers, container orchestration etc.
- Commit to deliverables on an ambitious program and a ‘can do’ mentality
- Knowledge of penetration testing / purple team testing. Understand how to set up, conduct, and use the results to identify security gaps and drive the priorities on the security roadmap
- Reach out to industry peers, to find common ground for solutions and problems.
Behaviors
As a leader, you must have a “go-and-see” mentality and remove impediments and serve as coach. The delivery capability of the Product Security team is your daily priority. You must provide them with an environment where execution can be the everyday focus, where organizational, process and system problems are identified and resolved.
To achieve that, the following behaviors are key:
- Customer focus
- People focus
- Spontaneous cooperation with the other teams
- Highly self-motivated and directed – Autonomy
- Strategic thinking
- Agile
- Interested in technology / security watch
- Ability to multitask
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Be convincing
- Pro-Active
It would be nice if you also had:
- CISSP, CISM certified – if not yet, be willing to become certified within 1 to 2 years
- Other certifications (e.g., Cloud security) are a bonus.
What we offer
Nokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.
Nokia is committed to inclusion and is an equal opportunity employer
Nokia has received the following recognitions for its commitment to inclusion & equality:
- One of the World’s Most Ethical Companies by Ethisphere
- Gender-Equality Index by Bloomberg
- Workplace Pride Global Benchmark
- LGBT equality & best place to work by HRC Foundation
At Nokia, we act inclusively and respect the uniqueness of people.
Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.
Join us and be part of a company where you will feel included and empowered to succeed.