IT Security Risk and Compliance Analyst

PHINIA: Advancing sustainability today, powering carbon-free tomorrow
At PHINIA, we create premium fuel systems, electrical systems, and aftermarket parts for internal combustion engine (ICE) vehicles and industrial applications. We make sure our products are clean, efficient, and high-value because we know the actions we take today will have a profound impact on the world tomorrow. Our goal? The cleanest ICE technology: carbon-free combustion.
Always, PHINIA puts quality first, continuing our legacy with over a century of rich expertise and technological innovation. The name PHINIA has roots related to “bright” and “future,” representing our confidence and commitment to bettering the world.

Our Culture 
We believe the health and safety of our employees are a top priority, we care about our local communities and the global environment. PHINIA promotes and nurtures a diverse and inclusive environment, honors integrity, strives for excellence, commits to responsibility for our communities and the environment, and builds on the power of collaboration. 

Career Opportunities 
We believe in building a brighter tomorrow for our employees as well as our customers and encourage you to learn about our long history, strong culture, new technologies, and future vision. We offer a strong local presence and interesting global opportunities.  Join us on this shared journey toward a brighter tomorrow.

Job purpose

This position is responsible to implement and maintain Information Security Compliance program globally. Responsibilities include evaluating Third Party Information Security controls and maturity, researching, reviewing and recommending the policies, controls and procedures for security monitoring and compliance to security frameworks and legal regulations, supporting IT and the business on audits or 3rd party compliance programs such as TISAX or Customers Cybersecurity assessments.
The successful candidate will be an excellent communicator, with in-depth knowledge of the latest industry procedures and regulations.

Key responsibilities
POLICIES AND PROCEDURES
•    Create, review, update and implement the company’s Information Technology policies.
•    Assist in the development and implementation of compliance related processes and/or procedures as it pertains to IT.

AUDITS AND COMPLIANCE PROGRAMS
•    Providing direct support to IT and represent IT Security on internal and external audit teams where IT inquiry is required.
•    Facilitate execution of required testing and auditing activities for the IT Department by internal and external parties leading to successful audits of the company on an ongoing basis
•    Support the business on 3rd party compliance programs such as TISAX, HIPPA or Customers Cybersecurity assessments.
•    Represent IT Security and partner with HR and Legal teams to identify and manage privacy, data protection risks, and compliance requirements to help meet stakeholder expectations.

RISK MANAGEMENT
•    Implement IT Security compliance projects/programs, and especially evaluate Third Party solutions and contracts for Information Security controls and maturity. Partner with management, business teams, Vendors and/or other IT team to develop, test or implement risk management strategies and solutions.
•    Research and recommend remediating controls, and identify performance gaps compared to industry best practice to help gain stakeholder buy-in
•    Leverage former experience and industry-knowledge -network to bring external perspective into the play and apply best-practices
•    Prepare and deliver meaningful operational security risk metrics to IT and Business leadership

What we're looking for

Education and Experience
•    Required: A Bachelor’s Degree in Computer Information Systems, IT Audit or related field.
•    5 years Information Technology experience, 3-4 years of experience in Information Security Risk Management or IT Auditing
•    Working knowledge of common information security management frameworks, regulatory requirements, and applicable standards such as: ISO 27001, NIST CSF, SOX, TISAX, etc

Core competencies
•    Strong knowledge in Microsoft Office Application (Word, Excel and PowerPoint)
•    Knowledge of Information Systems security architecture, security policies, procedures, and best practices.
•    Knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit trails
•    Strong Written and Oral English Communication Skills
•    Strong interpersonal communication and coordination skills and the ability to communicate effectively with a wide range of employees, leaders at various levels, and other customers.
•    Ability to deliver outcomes in a global, matrix organization with diverse stakeholders and priorities
•    Ability and desire to solve complex issues/problems
•    Customer focus

What we offer
•    We provide compensation and benefits programs intended to attract, motivate, reward, and retain a highly talented, globally diverse workforce at all levels within our organization. Our compensation programs are informed by market data and business needs, and we are committed to providing equitable and competitive compensation. We are committed to providing our team with quality and competitive benefit programs, including health and well-being resources, family-centric policies, and an agile workplace program, where not precluded by collective bargaining agreements or national statutory plans. Plans are benchmarked for competitiveness and value.
•    We provide formal development opportunities at all levels and stages of employee careers. These opportunities are delivered in a variety of formats to make our portfolio of solutions agile, sustainable, and scalable to support our employees in developing the skills needed to succeed.

What we believe
•    Product Leadership - Innovation that brings value to our customers
•    Humility - Seeking out diverse perspectives and working collaboratively 
•    Inclusivity - Recognizing our differences makes us stronger; we are bold and intentional 
•    Net-Zero - Committed to energy efficiency, waste reduction, and beneficial reuse
•    Integrity - Taking responsibility for our decisions   and doing what is right 
•    Accountability - Taking ownership of our actions and driving results

Safety 
This position will adhere to Global Star Safety Program, including safety rules, practices, and training as outlined in the PHINIA CTCM Safety Policy Manual, which includes the use of equipment, protective devices, or clothing that the employer requires. This individual will work in a manner that stresses the importance of preventing accidents and illnesses. He/she must take every precaution reasonable in the given circumstance for the protection of themselves and coworkers. In addition, he/she is responsible for reporting all injuries and/or possible dangerous situations, incidents, or occurrences to the immediate supervisor.

Equal Employment Opportunity 
PHINIA is an equal employment opportunity employer such that all qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity/expression, national origin, disability or protected veteran status.
 

No Unauthorized Referrals from Recruiters & Vendors

Please note that PHINIA does not seek or accept unsolicited resumes or offers from third party recruiters or staffing agencies associated with any published or unpublished employment opportunities. Any unsolicited information sent to PHINIA will be considered as unencumbered and free from any fee or charge whatsoever. Only members of our Human Resources Team have the authority to engage or authorize recruiting services, which must be agreed upon before the unsolicited resume or offer is received.

Global Terms of Use and Privacy Statement

Carefully read the PHINIA Privacy Policy before using this website. Your  ability to access and use this website and apply for a job at PHINIA are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the geographical area where you are applying for employment, and review.

Before submitting your application you will be asked to confirm your agreement with the terms.

Career Scam Disclaimer:  PHINIA makes no representations or guarantees regarding employment opportunities listed on any third-party website.  To protect against career scams, job applicants should take the necessary precautions when interviewing for and accepting employment positions allegedly offered by PHINIA. Applicants should never provide their national ID numbers, birth dates, credit card numbers, bank account information or other private information when communicating with prospective employers or responding to employment opportunities online. Job applicants are invited to contact PHINIA through PHINIA’s website to verify the authenticity of any employment opportunities.