We are seeking a seasoned Information Security Risk Specialist to lead enterprise-wide cybersecurity risk management initiatives at Daimler Truck Innovation Center India, Bengaluru. This role will drive the development, implementation, and oversight of strategies that safeguard digital assets against evolving cyber threats, vulnerabilities, and regulatory risks, including compliance with the EU Cyber Resilience Act (CRA).
The ideal candidate will possess deep expertise in cybersecurity risk methodologies, conduct comprehensive security assessments, and define robust technical controls to mitigate risks across complex systems. This position demands strong collaboration across engineering, IT, legal, and regulatory teams, as well as with suppliers and external partners.
- Develop, implement, and maintain an enterprise-wide information security risk management program aligned with global standards and CRA requirements.
- Conduct detailed cybersecurity assessments across IT and OT environments, including connected vehicle platforms and digital products.
- Define and implement technical cybersecurity controls to mitigate identified risks, including secure design, access controls, encryption, and monitoring.
- Identify, assess, and document risks related to digital components, software supply chains, and third-party integrations.
- Perform risk assessments, vulnerability analyses, and impact evaluations on IT systems and processes.
- Ensure compliance with cybersecurity regulations and standards including ISO 27001, NIST, GDPR, and the Cyber Resilience Act.
- Collaborate with cross-functional teams to establish risk mitigation strategies and action plans.
- Monitor, track, and report on risk metrics and key performance indicators (KPIs).
- Drive security awareness programs and train employees on risk management practices.
- Prepare and present detailed risk assessment reports to senior management and regulatory bodies.
- Develop and maintain comprehensive documentation of cybersecurity controls, risk assessments, and compliance activities.
Education:
- Bachelor’s degree in Information Security, Cyber Security, Computer Science, Information Science, or a related field.
- Advanced degrees (e.g., Master’s) or certifications (e.g., CISSP, CRISC, CISM, CEH) are a plus.
Experience:
- 8+ years of experience in information security, risk management, or cybersecurity governance.
Skills and Competencies:
- Deep understanding of cybersecurity frameworks: ISO 27001, NIST CSF, COBIT, COSO, and CRA.
- Strong expertise in risk management, cybersecurity assessments, penetration testing, and vulnerability management.
- Ability to define and implement technical controls such as secure coding practices, network segmentation, and endpoint protection.
- Experience with regulatory compliance and product security in the automotive or manufacturing sector.
- Excellent analytical skills for evaluating and prioritizing risks.
- Strong communication and stakeholder engagement skills across global teams.
- Strategic mindset with attention to detail and resilience under pressure.
- Effective team player with exceptional interpersonal and leadership capabilities.

