Head of Data Security FrameworkIntroduction
We, at Enterprise IT Security (EITS)
, are on a mission to secure the IT journey for the Volvo Group. We work closely together with stakeholders across several Business Areas (BAs), Truck Divisions (TDs), and Group Functions (GFs). While the BAs are responsible for driving the business, the TDs provide research, development, manufacturing, and assembly. Within Volvo Group, the GFs own the Group agenda, provide strategic direction and have global responsibility.
With Enterprise IT Security
you will be part of Group Digital & IT
(Group Function). A global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.Job Summary:
As the Head of Data Security Framework, you will play a critical role in shaping and implementing our data security strategy, policies, and procedures. Your responsibilities will include developing and maintaining a comprehensive data security framework to safeguard our organization's data assets, including critical data asset identification and discovery, and to minimize the risk of data breaches.
You will be a part of creating a new function and team within Volvo Group to support other IT solution teams with security expertise.Main responsibilities:
- Establish and enforce data security policies, standards and guidelines to protect sensitive information and ensure compliance with regulatory requirements.
- Establish and maintain a data security and data protection policy framework, ensuring it is reviewed and approved annually and effectively communicated to all relevant stakeholders.
- Establish a baseline for data security and protection controls by delivering appropriate control frameworks and security standards.
- Ensure effective implementation of policies and data security and protection frameworks as well as affirm effectiveness to board members of the Enterprise IT Security Organisation.
- Develop and maintain data classification frameworks and access control mechanisms to safeguard data confidentiality and availability.
- Conduct regular assurance reviews and assessments to evaluate the effectiveness of data security controls and identify areas for improvement.
- Compliance: Steer and oversee compliance with relevant data protection regulations and standards (e.g., GDPR, HIPAA, ISO 27001) in the context of DLP with close collaboration with EITS Data Privacy area.
- Culture and Awareness: Promote data security culture across the organization through training, education, and communication.
- Generate and present regular reports on performance and key metrics to executive management.
- Ensures collaboration with other parts of Enterprise IT Security to deliver support and consulting for remediation activities on test results.
Minimum Education and Experience:
- A minimum of 8 years of experience in data security, cybersecurity, or a related field.
- Profound knowledge of data protection regulations and standards.
- Strong understanding of data security frameworks, best practices, and industry trends.
- Exceptional leadership and team management skills.
- Analytical and problem-solving abilities with a strong attention to detail.
- Effective communication and presentation skills.
- Relevant certifications such as CISSP, CISM, or CISA are advantageous.
- Ability to work collaboratively and effectively with cross-functional teams.
- Ability to establish and maintain good relations with your internal and external partners/stakeholders.
- Must be able to identify and resolve problems in a timely manner.
We are looking forward to seeing your application!
- Bachelor or Masters Degree in Information Technology, Information Systems, Engineering, a related field or equivalent work experience.
- 10+ years experience in IT Operations, Security & Development
- At least 5 years of experience in leadership position.
Hiring manager – Bartosz Celmer, Head of Data Security and Protection