Senior IT Security Advisor
Wroclaw, PL, 51-502
Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future. If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match.
Your working environment
We, at Enterprise IT Security, are on a mission to secure the IT journey for the Volvo Group. We work closely together with stakeholders across several Business Areas (BAs), Truck Divisions (TDs), and Group Functions (GFs). While the BAs are responsible for driving the business, the TDs provide research, development, manufacturing and assembly. Within Volvo Group, the GFs own the Group agenda, provide strategic direction and have global responsibility.
With Enterprise IT Security you will be part of Group Digital & IT (Group Function). A global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.
What you will do
As Senior IT Security Advisor you will play a pivotal role in defining how we secure our IT assets. You will be responsible for advising various departments from Group Digital & IT how to apply security requirements and architecture principles into the solution designs, analyze weaknesses and propose mitigations. This role has important awareness and education aspect. Scope includes collaboration with developers, architects, and DevOps teams to build and maintain effective security measures, architecture, solutions, policies, and procedures. In this role, you will be instrumental in shaping the security posture of the Volvo Group's security services. Your ability to navigate complex environments and communicate effectively with stakeholders will be key to fostering a culture of security awareness and compliance.
Key Responsibilities:
1. Strategic and Tactical Direction
• Steer and oversee the strategic and tactical direction of our IT security capability, ensuring it meets the evolving security landscape and organizational needs
• Regularly conduct formal architecture assessments and security reviews for digital products. Verify compliance with Volvo Group security requirements, architecture standards, blueprints, global best practices, identify weaknesses and propose strategies for improvement.
• Conduct comprehensive assessments of security risks identifying vulnerabilities, assess potential impact, and recommend effective security measures. Perform risk management activities from the initial identification through assessment and identifying mitigating actions.
• Provide an advisory in regard to the solution design, translating security requirements into solution proposals, assessing solution blueprints.
• Craft, update, and enforce security policies, procedures, and guidelines in alignment with industry standards and regulatory requirements. Perform gap analyses of our adherence to information security control frameworks (ISO, ISF, NIST, etc.). Assess, identify, and implement new IT/OT security controls on various projects across organizations. Review existing security policies, procedures, guidelines, and instructions update/create where gaps exist.
2. Stakeholder Engagement
• Actively engage with diverse stakeholders across the organization, fostering collaboration in a multi-cultural environment.
• Serve as a trusted advisor, providing insights and recommendations on security best practices.
• Collaborate with cross-functional teams to integrate security considerations into design and implementation.
3. Training and Communication
• Develop and deliver training programs to enhance security awareness among employees and stakeholders, focusing on building a culture of security that empowers individuals to contribute to the organization’s security posture.
• Lead communication initiatives to disseminate security policies, updates, and best practices throughout the organization, ensuring that all team members understand their role in maintaining security.
4. Continuous Improvement
• Monitor and evaluate the effectiveness of the security framework, making recommendations for enhancements based on emerging threats and vulnerabilities.
• Monitor and ensure adherence to information protection laws and regulations, taking necessary actions to maintain compliance. Review coverage and effectiveness of existing IT and OT security controls.
• Stay abreast of industry trends and advancements in IT security to ensure the organization remains at the forefront of security practices.
Who are you?
We seek candidates with broad IT security experience and a strong grasp of the challenges facing large enterprises like Volvo Group. You should be able to prepare the organization for evolving security risks and build effective relationships with internal and external stakeholders.
Soft skills:
- Strong advisory, coaching, and change management skills
- Excellent critical thinking and communication abilities
- Adaptability and resilience in a dynamic security environment
- Active listening and effective teamwork
- Curiosity and enthusiasm for innovation
Hard skills and knowledge:
• Proven knowledge of one or more well-known cyber-security frameworks (like ISF, NIST, SCF, ISO 27x, OWASP, etc.).
• Security certification such as CCIE, CCNP, CISSP, SABSA or similar.
• On premise and cloud network security technologies such as network segmentation, firewalling/load-balancing/VPN.
• On premises, multicloud and hybrid interconnecting solutions.
• Network discovery and visibility methodologies and tools.
• Practical experience with Threat Modelling using one of the following standards: STRIDE, MITRE, OWASP etc.
• Experience in AppSec and SDLC principles like DevSecOps, SAST, SCA, DAST, Container Security.
• Knowledge of vulnerability management tools, processes for both Applications and Infrastructure incl Cloud specifics.
• Applied knowledge of modern application security area concepts like cloud security, container security, API security, infrastructure as a code security, modern IAM concepts like zero trust model or OAuth2/OIDC, etc.
Minimum Education and Experience:
• Bachelor’s or master’s degree in cyber security, information technology, Information Systems, Engineering, a related field or equivalent work experience.
• 10+ years’ experience in IT Operations, Security & Development or Architecture.
Ready for the next move?
We are looking forward to seeing your application!
We value your data privacy and therefore do not accept applications via mail.
Dear Candidate, we would like to kindly inform you that the Volvo Group companies in Poland have in place the "Internal Reporting Procedure". If you need more information, please contact us at the email address recruitment.poland@volvo.com.
Who we are and what we believe in
We are committed to shaping the future landscape of efficient, safe, and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents across the group’s leading brands and entities.
Applying to this job offers you the opportunity to join Volvo Group. Every day, you will be working with some of the sharpest and most creative brains in our field to be able to leave our society in better shape for the next generation. We are passionate about what we do, and we thrive on teamwork. We are almost 100,000 people united around the world by a culture of care, inclusiveness, and empowerment.
Group Digital & IT is the hub for digital development within Volvo Group. Imagine yourself working with cutting-edge technologies in a global team, represented in more than 30 countries. We are dedicated to leading the way of tomorrow’s transport solutions, guided by a strong customer mindset and high level of curiosity, both as individuals and as a team. Here, you will thrive in your career in an environment where your voice is heard and your ideas matter.