PO/SM Cloud Governance & Security

Let's introduce ourselves

The Cloud Governance & Security Product Owner is responsible for defining, driving, and maintaining Volvo Cars cloud platforms (Azure, AWS, GCP). The role acts as the strategic bridge between security, compliance, operations, and development teams—ensuring that cloud environments remain secure, compliant, cost‑efficient, and aligned with enterprise strategies.

This position owns the product backlog for cloud governance and security capabilities, continuously improving the controls, automation, and guardrails that enable secure-by-design cloud adoption across the organization.

What you'll do

Product ownership and strategy

• Own cloud governance and security product vision, roadmap, and backlog.
• Convert business and regulatory needs into OKRs and delivery-ready backlog items.
• Track KPIs for security posture, governance controls, cloud spend, and adoption.
• Prioritize work by risk, value, compliance, and operational impact.

Product leadership

• Align direction with architecture, security leadership, and business stakeholders.
• Drive cross-cloud prioritization and follow-up with delivery teams, removing blockers.
• Ensure enterprise-grade security, scalability, resilience, and compliance in delivered features.
• Strengthen one-team ways of working and continuous improvement.

Security governance and risk management

• Co-lead cloud and identity governance with Cybersecurity and Cloud Solution Architecture.
• Maintain alignment to Zero Trust, NIST, CIS, and ISO 27002.
• Own the cloud governance and security framework (policies, standards, tagging, cost governance, lifecycle, CNAPP).
• Improve landing zones, IAM lifecycle, vulnerability management, and policy enforcement using a risk-based approach.
• Enable automation-first and self-service capabilities.
• Support audits and manage cloud risk identification and mitigation.

Stakeholder and executive engagement

• Act as executive point of contact for strategy, progress, and risks.
• Communicate roadmap, OKRs, and releases with clear, data-driven updates.
• Partner across platform, engineering, operations, compliance, and vendors to drive adoption.

Lifecycle and performance management

• Define and track success metrics (risk reduction, SLAs and SLOs, posture, experience).
• Use threat, incident, usage, and cost insights to optimize the ecosystem.
• Support secure deprecation and migration from legacy platforms to modern alternatives.

What you'll bring

Technical and domain expertise

• Strong cloud security and governance background across Azure, AWS, or GCP, including landing zones and security architecture.
• Deep IAM knowledge: SSO, MFA, federation, conditional access, identity lifecycle, RBAC or ABAC, and privileged access.
• Practical experience with security controls for network, workloads, data, monitoring, and automation.
• Familiar with key frameworks: Zero Trust, NIST CSF, CIS Controls, ISO 27002, and enterprise IAM models.
• Clear grasp of confidentiality, integrity, and availability principles.
• Strong stakeholder management and communication.

Product and leadership skills

• 3+ years in senior product or security leadership roles in enterprise environments.
• Experience leading strategic platforms or transformation initiatives.
• Ability to translate security requirements into a clear product strategy and roadmap.
• Communicates effectively with executives, stakeholders, and technical teams.

Preferred qualifications (beneficial but not mandatory)

• Cloud certifications such as Azure Security Engineer, Azure Solutions Architect, AWS Security Specialty, and similar.
• Background in cybersecurity, risk management, and cloud platform and architecture management.