Information Security Risk lead
2023-04-14
Volvo Group drives prosperity through transport solutions, offering trucks, buses, construction equipment, power solutions for marine and industrial applications, financing and services that increase our customers' uptime and productivity. Founded in 1927, the Volvo Group is committed to shaping the future landscape of sustainable transport and infrastructure solutions. Countless career opportunities are offered across the group's leading brands and entities that share a culture of Trust, Passion, High Performance, Change and Customer Success. Volvo Group Legal & Compliance contributes to realizing the vision of the Volvo Group by coordinating and providing services within the following areas: Legal, Governance, Security, and Internal Audit. With Volvo Group Legal & Compliance you will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other, and embrace change to stay ahead. We make our customers win.
Mission and context
Information Security is a new department within Group Security. We are responsible for the 2nd level of cyber security defense within the Volvo Group. We are a growing global team of engaged and experienced people. We hope you will join us in creating an even more secure future for the Volvo Group.
In this role you will work across all businesses of Volvo Group to support the resilience and information assurance activities. You will design an effective and comprehensive risk framework, so that Volvo Group operates securely across all ecosystems (IT, OT, and Product).
The successful candidate reports directly to the Security Director, Risk and Assurance.
Main Responsibilities
Develop & maintain the group-wide information security risk management framework (incl. IT, OT, and product)
Perform risk analysis on a tactical and strategic level
Support leadership to determine appropriate risk appetite & tolerances
Consolidate and aggregate IS risks reported from across 1st line teams & ecosystems (IT, OT, and Product) and report them to senior management to shape discussions
Compile external risk reports to relevant stakeholders
Oversee and assure that the information security risk register is kept up to date
Challenge 1st line teams on risk mitigations to ensure the most effective approaches are being taken
Support development and prioritization of future activities as part of the information security strategy
Identify Group-wide horizontal IS risk scenarios impacting multiple TD/BA/GFs
Coordinate with 1st line teams to develop appropriate mitigations for Group-wide information security risks
Provide training & awareness across Volvo Group on information security risk management and usage of the framework
Your Background
To be successful in this position we believe that you have:
Master's degree in Information technology, computer science, cybersecurity, or related field
6+ years of professional experience in information risk management, information security, or cybersecurity
Good understanding of Information security related standards and best practices (these include ISO 27001, NIST, etc.)
Ability to articulate risks and communicate effectively to various levels of management
Ability to work effectively with a wide range of teams including developers, senior management, customers, auditors, etc.
An industry certification (examples below) is a plus.
CRISC
ISO 31000 Certified Risk Manager
ISO 27001 Lead Implementer
CISM
We are interviewing continuously and might hire before the last application date so please send your application promptly.
If you have questions, please contact:
Claes Johansson
Security Director
+46 739 025491
