Information Security Engineer
Bangalore, INDIA
Job description
Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future. If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match.
What you will do
· Run supplier security assessments (questionnaires + evidence reviews) covering areas such as governance, risk management, IAM, secure SDLC maturity (at organizational level), vulnerability management, incident response, BCP/DR, third-party management, and privacy.
· Evaluate assessment responses and evidence, validate claims, and identify gaps against frameworks/requirements (e.g., ISO 27001, NIST CSF, SOC 2 reports).
· Produce clear supplier risk summaries: maturity scoring, key gaps, risk rating, and recommended remediation actions.
· Lead supplier follow-ups: clarifying questions, evidence requests, and remediation tracking.
· Advise Procurement and stakeholders during sourcing: security input for supplier selection, onboarding, renewals, and contract changes.
· Support contractual security requirements with Legal (e.g., baseline controls, audit rights, incident notification terms).
· Maintain supplier risk records and reporting: dashboards, trends, recurring weaknesses, and improvements over time.
· Contribute to improving our supplier security assessment process (question sets, scoring models, playbooks, templates, automation ideas).
What you bring
Must-have
· Experience in information security risk, compliance, security assurance, or third-party risk (TPRM/vendor risk), including evidence-based assessments.
· Strong understanding of organizational security controls and how to evaluate them pragmatically (not just “checkbox security”).
· Familiarity with at least one major framework/standard (ISO 27001/27002, NIST CSF/800-53, CIS Controls, SOC 2).
· Ability to write concise, decision-ready risk summaries for non-security stakeholders.
· Confident stakeholder communication—able to challenge politely and ask the right follow-up questions.
Nice-to-have
· Experience assessing SaaS/cloud suppliers and reading audit reports (SOC 2 Type II, ISO certificates, pen test summaries).
· Knowledge of privacy/security overlaps (e.g., GDPR considerations, DPIAs, data processing agreements).
· Experience with GRC/TPRM tools (e.g., OneTrust, ServiceNow GRC, Archer) or building assessment workflows in Jira/Confluence/SharePoint.
· Understanding of supply chain security expectations in regulated environments (e.g., NIS2, DORA, CRA, sector standards).
We value your data privacy and therefore do not accept applications via mail.
Who we are and what we believe in
We are committed to shaping the future landscape of efficient, safe, and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents across the group’s leading brands and entities.
Applying to this job offers you the opportunity to join Volvo Group. Every day, you will be working with some of the sharpest and most creative brains in our field to be able to leave our society in better shape for the next generation. We are passionate about what we do, and we thrive on teamwork. We are almost 100,000 people united around the world by a culture of care, inclusiveness, and empowerment.
Trucks Technology & Industrial Division hires team players who are ready to create real customer impact. Our decentralized teams work close to our customers, with speed and autonomy, to build what they truly need.
Join us to collaborate on innovative, sustainable technologies that redefine how we design, build, and deliver value. Bring your curiosity, your expertise, and your collaborative energy, and together, we’ll turn bold ideas into tangible solutions for our customers and contribute to a more sustainable tomorrow.
Job Category: Information Technology
Organization: Trucks Technology & Industrial
Travel Required: Occasional Travel
Requisition ID: 28868