Chief Information Security Officer
Job in Auburn Hills, Oakland County, Michigan, 48326, USA
Listed on 2026-02-16
Listing for: PHINIA Inc
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security
Job Description & How to Apply Below
**Manage Governance & Build Knowledge**
* Lead the ongoing refinement of PHINIA’s cybersecurity governance practices and processes, in connection with PHINIA’s enterprise risk management program.
* Provide **regular reporting** to senior leaders on cyber risk posture, program priorities and enhancements, and emerging threats.
* Develop, socialize, and maintain **cybersecurity policies, processes, standards, and guidelines** (including the Incident Response Plan); drive alignment across IT, OT, cloud, and third‑party environments.
* Direct enterprise‑wide **security awareness and behavior‑change programs**, establishing effectiveness metrics and driving measurable culture improvements.
* Ensure cybersecurity requirements are integrated into key vendor contracts in partnership with Legal, Procurement, and Vendor Management.
* Champion cross‑functional alignment, including among Privacy, Legal, Risk, Compliance, HR, Internal Audit, and business continuity stakeholders.
* Enhance alignment with certain cybersecurity frameworks, such as **ISO 27001, NIST CSF/800‑53, ITIL, COBIT, ENISA, or ISA‑62443**, based on PHINIA’s business model and regulatory landscape.
* Own the unified, risk‑based **control framework** to harmonize global legal, regulatory, and industry requirements (e.g., SOX, GDPR, TISAX).
* Maintain an up‑to‑date document ecosystem of policies, standards, operating procedures, and guidelines.
* Monitor and further develop enterprise‑level **metrics and KPIs** used to track cybersecurity program maturity, resource allocation, and security effectiveness.
* Foster strong relationships across IT, manufacturing, engineering, HR, Legal, Internal Audit, Privacy and Compliance to ensure alignment and embed cyber requirements early in business processes.
* Maintain external partnerships with industry peers, vendors, law enforcement, threat intelligence groups, and relevant regulatory bodies.
* Partner with Enterprise Architecture to ensure security architecture principles are built into all platforms and modernization efforts.
* Ensure privacy requirements are integrated into cybersecurity processes in partnership with the Chief Compliance Officer.
* Establish and manage end‑to‑end **cybersecurity risk, compliance, and regulatory assessments**, ensuring timely remediation of findings.
* Embed security into the technology delivery lifecycle through secure design, threat modeling, and security testing practices.
* Lead cybersecurity **incident management**, ensuring rapid containment, cross-functional collaboration, coordinated response pursuant to the Incident Response Plan, transparent communication, and effective recovery.
* Monitor global threat conditions and advise senior leaders and others on mitigation strategies.
* Proactively identify information security deficiencies and/or opportunities for improvement to better enable business security at the global level. Lead the development of pragmatic solutions across the enterprise.
* Oversee resilience and business continuity alignment, recognizing that PHINIA’s operations span global, distributed ecosystems.
* Maintain inventories of information assets, cloud services, and third‑party digital connections.
* Bachelor’s or master’s degree in computer science, cybersecurity, information systems, business administration, or a related field.
* Minimum 10 years of experience across cybersecurity, IT, and risk management, including at least 5 years in a senior leadership role.
* Strong track record of leading cybersecurity programs in global, dynamic, manufacturing or industrial environments.
* Certifications preferred but not required: **CISSP, CISM, CISA, CRISC** or comparable credentials.
* Experience with contract negotiations, supplier risk management, and global security operations.
* Strong understanding of enterprise architecture, cloud security, OT/ICS security, identity and access management, and emerging technology risks.
* Proficiency with SIEM, IDS/IPS, firewalls, endpoint security, vulnerability management, cryptography, and cloud security tools.
* Up‑to‑date awareness of cybersecurity trends, digital business models, and evolving risk…