Head of Cybersecurity Standards and Procedures Office

What you will do

At Volvo Group, you will play a pivotal role in transforming our approach to cybersecurity governance. As Director, Head of Cybersecurity Standards and Procedures Office, you will establish and lead a new, highly strategic function responsible for developing, maintaining, and governing our global Information Security Management System (ISMS).

You will define the mission, structure, and operational roadmap for the office, ensuring our security framework is robust, current, and verifiable through formal certifications and audits. In this role, you will collaborate with stakeholders across the organization, including Legal, Risk, Compliance, and technical teams, to ensure our standards and procedures align with international best practices and regulatory requirements. You will also drive a culture of security awareness and compliance, making sure our standards are clearly communicated and accessible across the global organization.

Your expertise will be key in supporting our journey towards achieving and maintaining key cybersecurity certifications and in providing guidance to business units on control implementation and compliance.

Your future team

You will join Group Digital & IT (Group Function), a global and diverse team of highly skilled professionals who work with passion, trust each other, and embrace change to stay ahead. Our team values collaboration, continuous learning, and the unique perspectives each member brings.

This position reports directly to the VP, Head of Data Security and Protection, and can be based both in Gothenburg, Sweden and Wroclaw, Poland. 

Key Responsibilities

Strategy & Leadership

• Establish and lead the new Cybersecurity Standards and Procedures Office, defining its mission, structure, and operational roadmap.
• Develop and execute the strategy for the Digital and IT Information Security Management System (ISMS), aligning it with business objectives, risk tolerance, and international best practices (e.g., ISO/IEC 27001).
• Serve as the primary governance expert for all cybersecurity steering documents, including Directives (Policies), Guidelines, and Standard Operating Procedures (SOPs).

Governance & Documentation

• Design, implement, and maintain a robust governance framework for the lifecycle of security documentation (creation, review, approval, dissemination, and retirement).
• Oversee the ISMS documentation, ensuring it clearly translates high-level policies into actionable, organization-wide standards and procedures.
• Collaborate with Legal, Risk, and Compliance teams to ensure all documentation reflects current legal, regulatory, and contractual obligations.

Compliance & Certification

• Lead the organization's efforts towards achieving and maintaining key cybersecurity certifications, primarily ISO/IEC 27001.
• Develop and manage the compliance program for emerging and mandatory regulations, with a strong focus on the EU's NIS2 Directive (or other relevant regional regulations like DORA, HIPAA, PCI-DSS, etc.).
• Coordinate with internal and external auditors for certification audits and regulatory compliance reviews.
• Provide subject matter expertise to business units on control implementation and compliance evidence gathering.

Collaboration & Communication

• Partner closely with the Cybersecurity Operations, Architecture, and Engineering teams to ensure standards are technically feasible and effective.
• Drive a culture of security awareness and compliance by ensuring standards are clearly communicated and accessible across the global organization.
• Present updates on ISMS status, compliance posture, and governance effectiveness to senior leadership and the Board/Executive Committee.

Who Are You?

Do you dream big? We do too, and we are excited to grow together. In this role, you will bring:

• Extensive experience (10+ years) in Information Security, Governance, Risk, and Compliance (GRC), with at least 3 years in a senior leadership or Director-level role managing a global team or function.
• Deep expertise in establishing, operating, and maintaining an Information Security Management System (ISMS) based on the ISO/IEC 27000 series (specifically ISO/IEC 27001).
• Proven experience leading major regulatory compliance programs, with direct, recent experience with the NIS2 Directive highly desirable.
• Exceptional written and verbal communication skills, with the ability to translate complex security and regulatory requirements into clear, actionable internal standards.
• Relevant professional certifications such as CISM, CRISC, CISSP, and/or ISO 27001 Lead Implementer/Auditor.

What´s in it for you?

We offer a solid package of compensation and benefits, plus you will enjoy:

• A collaborative and inclusive work environment where your ideas and contributions are valued.
• Opportunities for professional growth and development within a global organization.
• The chance to make a real impact on the future of sustainable transport and digital security.

We look forward to hear from you! Last application date: December 17th 2025.

In some countries and for specific positions within Volvo Group Digital & IT, background checks may be required, in accordance with local laws & regulations. If this is applicable to the role you have applied for, you will be informed.

Dear Candidate, we would like to kindly inform you that the Volvo Group companies in Poland have in place the "Internal Reporting Procedure". If you need more information, please contact us at the email address recruitment.poland@volvo.com. We value your data privacy and therefore do not accept applications via mail.