Job description
Founded in 1927, the Volvo Group is committed to driving prosperity and shaping the future landscape through sustainable transport, mobility, and infrastructure solutions. We do this by offering trucks, buses, construction equipment, power solutions for marine and industrial applications, and financing and services that increase our customers’ uptime and productivity.
What you will do
At Volvo Group, you will play a pivotal role in transforming our approach to cybersecurity governance. As Director, Head of Cybersecurity Standards and Procedures Office, you will establish and lead a new, highly strategic function responsible for developing, maintaining, and governing our global Information Security Management System (ISMS).
You will define the mission, structure, and operational roadmap for the office, ensuring our security framework is robust, current, and verifiable through formal certifications and audits. In this role, you will collaborate with stakeholders across the organization, including Legal, Risk, Compliance, and technical teams, to ensure our standards and procedures align with international best practices and regulatory requirements. You will also drive a culture of security awareness and compliance, making sure our standards are clearly communicated and accessible across the global organization.
Your expertise will be key in supporting our journey towards achieving and maintaining key cybersecurity certifications and in providing guidance to business units on control implementation and compliance.
This position reports directly to the VP, Head of Data Security and Protection, and can be based in either Gothenburg, Sweden, or Wroclaw, Poland.
Key Responsibilities
* Establish and lead the new Cybersecurity Standards and Procedures Office, defining its mission, structure, and operational roadmap.
* Develop and execute the strategy for the Digital and IT Information Security Management System (ISMS), aligning it with business objectives, risk tolerance, and international best practices (e.g., ISO/IEC 27001).
* Serve as the primary governance expert for all cybersecurity steering documents,
* Design, implement, and maintain a robust governance framework for the lifecycle of security documentation (creation, review, approval, dissemination, and retirement).
* Oversee the ISMS documentation, ensuring it clearly translates high-level policies into actionable, organization-wide standards and procedures.
* Collaborate with Legal, Risk, and Compliance teams to ensure all documentation reflects current legal, regulatory, and contractual obligations.
* Lead the organization's efforts towards achieving and maintaining key cybersecurity certifications, primarily ISO/IEC 27001.
* Develop and manage the compliance program for emerging and mandatory regulations, with a strong focus on the EU's NIS2 Directive (or other relevant regional regulations like DORA, HIPAA, PCI-DSS, etc.).
* Coordinate with internal and external auditors for certification audits and regulatory compliance reviews.
* Provide subject matter expertise to business units on control implementation and compliance evidence gathering.
* Partner closely with the Cybersecurity Operations, Architecture, and Engineering teams to ensure standards are technically feasible and effective.
* Drive a culture of security awareness and compliance by ensuring standards are clearly communicated and accessible across the global organization.
* Present updates on ISMS status, compliance posture, and governance effectiveness to senior leadership and the Board/Executive Committee.
Who Are You?
* Extensive experience (10+ years) in Information Security, Governance, Risk, and Compliance (GRC), with at least 3 years in a senior leadership or Director-level role managing a global team or function.
* Deep expertise in establishing, operating, and maintaining an Information Security Management System (ISMS) based on the ISO/IEC 27000 series (specifically ISO/IEC 27001).
* Proven experience leading major regulatory compliance programs, with direct, recent experience with the NIS2 Directive highly desirable.
* Exceptional written and verbal communication skills, with the ability to translate complex security and regulatory requirements into clear, actionable internal standards.
* Relevant professional certifications such as CISM, CRISC, CISSP, and/or ISO 27001 Lead Implementer/Auditor.
We look forward to hearing from you! Last application date: December 17th 2025.
In some countries and for specific positions within Volvo Group Digital & IT, background checks may be required, in accordance with local laws & regulations. If this is applicable to the role you have applied for, you will be informed.
We value your data privacy and therefore do not accept applications via mail.
Group Digital & IT is the hub for digital development within Volvo Group. Imagine yourself working with cutting-edge technologies in a global team, represented in more than 30 countries. We are dedicated to leading the way of tomorrow’s transport solutions, guided by a strong customer mindset and high level of curiosity, both as individuals and as a team. Here, you will thrive in your career in an environment where your voice is heard and your ideas matter.