Job Description

This GRC Engineer role supports daily security control monitoring and risk documentation. It ensures compliance with telecom regulations, including TRAI and DOT. The position also maintains adherence to global standards. Key standards include ISO 27001 and NIST frameworks. GRC Engineer provides foundational support for the Managed Security Services (MSS) GRC function. The primary objective is to assist in the day-to-day monitoring of security controls, maintain risk documentation, and support compliance activities related to telecom-specific regulations (TRAI, DOT) and global standards (ISO 27001, NIST).

• Maintain cybersecurity policies, standards, and frameworks, and support policy awareness training.
• Collate data for reporting on risk posture and compliance status to internal teams and customers.
• Assist in maintaining the risk register by tracking treatment plans and mitigation strategies.
• Provide support for security risk assessments, internal audits, and BCP/DR documentation.
• Support adherence to Indian (TRAI, DOT, DPDPA) and global (GDPR, SOC 2) regulatory standards.
• Monitor security controls and policy enforcement within the MSS environment for compliance.
• Organize and maintain compliance artifacts for audits, reviews, and regulatory reporting.
• Coordinate with SOC to ensure incident handling and notification processes meet compliance standards.

Must-Have:

• 6+years of experience coming from B.Tech/M.Tech/MCA educational background.
• Maintain cybersecurity policies, standards, and frameworks, and support policy awareness training.
• Assist in maintaining the risk register by tracking treatment plans and mitigation strategies and, support to TRAI, DOT, DPDPA and GDPR, SOC 2 regulatory standards.
• Monitor security controls and policy enforcement within the MSS environment for compliance.
• Organize and maintain compliance artifacts for audits, reviews, and regulatory reporting.

Nice-To-Have:

• Collate data for reporting on risk posture and compliance status to internal teams and customers. (Important for communication, but the core GRC work is prior to reporting)
• Provide support for security risk assessments, internal audits, and BCP/DR documentation. (Valuable support, but the direct maintenance and monitoring are more foundational)
• Coordinate with SOC to ensure incident handling and notification processes meet compliance standards. (Enhances incident response, but the primary GRC tasks are more about policy and risk management)

Advancing connectivity to secure a brighter world.

Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile and transport networks, powered by the innovation of Nokia Bell Labs, we’re advancing connectivity to secure a brighter world.

Learn more about life at Nokia

Our recruitment process

We act inclusively and respect the uniqueness of people. Our employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.

If you’re interested in this role but don’t meet every listed requirement, we still encourage you to apply. Unique backgrounds, perspectives, and experiences enrich our teams, and you may be just the right candidate for this or another opportunity.

The length of the recruitment process may vary depending on the specific role's requirements. We strive to ensure a smooth and inclusive experience for all candidates. Discover more about the recruitment process at Nokia