IT and OT Risk officer
2023-11-15
Are you ready to shape tomorrow's general IT control capabilities together with us?
At Volvo Group we place great value on effective and efficient cyber security. Risk management is an essential part of the puzzle and receives high management attention. In this role you will work closely with our cyber security team and business stakeholders to identify, assess, mitigate and report on cyber risks to support a balanced distribution of responsibility and risk ownership across the group.
This is us, your new colleagues
Volvo Group drives prosperity through transport solutions, offering trucks, buses, construction equipment, power solutions for marine and industrial applications, financing and services that increase our customers' uptime and productivity. Founded in 1927, the Volvo Group is committed to shaping the future landscape of sustainable transport and infrastructure solutions.
We, at Enterprise IT Security, are on a mission to secure the digital journey for the Volvo Group. We work closely together with stakeholders across several Truck Divisions (TDs), Business Areas (BAs), and Group Functions (GFs). While the BAs are responsible for driving the business, the TDs provide research, development, purchasing, manufacturing, and assembly. Within Volvo Group, the GFs own the Group agenda, provide strategic direction, and have global responsibility in group-wide functions such as IT, legal, compliance, and security.
With Enterprise IT Security, you will be part of Group Digital & IT (a Group Function), a global and diverse team of highly skilled professionals who work with passion, trust each other, and embrace change to stay ahead. Enterprise IT Security works in close collaboration with both the Group Security function and security functions throughout the organization. Together we strive for a best-in-class cyber security posture.
Your closest team will be EITS Risk, Compliance and Audit (RCA). We are a function that orchestrates the identification, assessment, mitigation, and reporting of IT and OT security risks, assesses and monitors compliance with external and internal security requirements, and oversees IT-related audits and mitigating activities.
This is how you could make an impact
Your main tasks and responsibilities include:
Develop our IT and OT security risk management framework
Establish processes and procedures for continuous IT and OT security risk management
Work closely with a range of stakeholders to identify IT and OT security risks
Conduct risk assessments
Report on risk exposure
Identify and advise on effective measures to mitigate risks
Follow up and report on mitigation activities
Advise and assist colleagues in the area of IT and OT security risk management
Drive our agenda to continuously improve our risk management capabilities
To be successful in this role you need to stay on top of the threat and risk landscape, the regulatory environment, our business strategies, emerging technologies and how new technologies and ways of working alter our risk and control posture.
Who are you?
You are a driven person who contributes both to the successful completion of our objectives and to the team spirit of EITS. You are well structured, with an ambition that makes you complete tasks within given timeframes, and you enjoy working in a team as much as on your own tasks.
Mandatory qualifications:
Genuine interest and proficiency in technology and information/cyber security
Experience of IT and/or OT security risk management
Good insight in risk management frameworks
Conducting technology and information security risk assessments
Experience from reporting on risks to all levels of the organization, from Board of Directors to IT technicians
Master's/Bachelor's degree in data/system science or equivalent experience
Effective communicator verbally and in writing in the national language and English
Possession of, or willingness to earn, relevant certifications, such as CISSP, CISA etc.
Experience in one or more of the following areas would be advantageous:
Experience of security testing, audit or similar
Third party risk management, due diligence, and assessments/audits
Thorough understanding and practical experience of industry standards such as ISO27000, NIST, CMMC, GDPR, etc.
Utilize tools to perform effective control testing and continuous audit
As a member of the RCA team, you shall possess personal attributes to enable acting professionally in accordance with sound principles and be:
Observant, and actively aware of physical surroundings and activities
Tenacious, persistent, and focused on achieving objectives
Decisive, and reaches timely conclusions based on logical reasoning and analysis.
Are we the perfect match?
Yes, we are, if you want to join the journey of building RCA into a high-performing team that has fun at work while delivering great stuff. You contribute with your personality and experience from the IT risk management field, and we give you the right context and a great opportunity to grow in a multinational global organization.
Curious, and have some questions? Call us!
Come join us for a cup of coffee and we will gladly give you more information about the role and how we can help each other on our future journey! Contact Anna Nielanger, Head of EITS Risk, Compliance and Audit, +46 76 5533742 or anna.nielanger@volvo.com.
