Chief Information Security Officer - Auburn Hills - PHINIA

Description

ABOUT US

PHINIA: Advancing sustainability today, powering a cleaner tomorrow.

PHINIA is an independent, market‑leading, premium solutions and components provider with over 100 years of manufacturing expertise and industry relationships, with a strong brand portfolio that includes DELPHI, DELCO REMY and HARTRIDGE. With over 12,500 employees across 43 locations in 20 countries, PHINIA is headquartered in Auburn Hills, Michigan, USA.

At PHINIA, we provide fuel systems, electrical systems, and aftermarket products and solutions of the highest quality — developed and manufactured responsibly — that are designed to enhance efficiency and reduce the environmental impact of vehicles, industrial machinery, and other applications. In doing so, we contribute to a cleaner tomorrow, treat our people and surrounding communities with respect, and hold ourselves accountable to robust ethical standards.

Our Culture

PHINIA promotes and cultivates an inclusive culture and diverse perspectives, strives to maintain its reputation for excellence, thrives on the power of collaboration, and fosters the development of our talented employees. We believe in making a positive impact through our business and actions, and we take our collective responsibility seriously.

Career Opportunities

We believe in building a brighter tomorrow for our employees as well as our customers and encourage you to learn about our long history, strong culture, new technologies, and future vision. We offer a strong local presence and interesting global opportunities. Join us on this shared journey toward a brighter tomorrow.

JOB PURPOSE

The Chief Information Security Officer (CISO) is the enterprise leader responsible for developing, implementing, and managing PHINIA's global cybersecurity program. This role ensures that information assets, digital processes, operational systems, and emerging technologies are protected across PHINIA's ecosystem while enabling business growth, innovation, and operational resilience.

The CISO serves as a strategic advisor and risk leader, partnering with executive leadership, business units, legal, technology teams, and others to assess, identify and manage risks from cybersecurity threats and strengthen our cybersecurity program and processes.

KEY RESPONSIBILITIES

1. Manage Governance & Build Knowledge

• Lead the ongoing refinement of PHINIA's cybersecurity governance practices and processes, in connection with PHINIA's enterprise risk management program.
• Provide regular reporting to senior leaders on cyber risk posture, program priorities and enhancements, and emerging threats.
• Develop, socialize, and maintain cybersecurity policies, processes, standards, and guidelines (including the Incident Response Plan); drive alignment across IT, OT, cloud, and third‑party environments.
• Direct enterprise‑wide security awareness and behavior‑change programs, establishing effectiveness metrics and driving measurable culture improvements.
• Ensure cybersecurity requirements are integrated into key vendor contracts in partnership with Legal, Procurement, and Vendor Management.
• Champion cross‑functional alignment, including among Privacy, Legal, Risk, Compliance, HR, Internal Audit, and business continuity stakeholders.

2. Lead & Enhance the Cybersecurity Function

• Lead a global cybersecurity organization, overseeing hiring, background checks, training, development, performance management, and succession planning.
• Refine the cybersecurity operating model, ensuring it aligns to enterprise strategy, digital transformation initiatives, risk management expectations and the changing cyber landscape.
• Manage the cybersecurity budget, ensuring cost‑effective investment strategies and clear ROI on security capabilities.
• Build an internal Security Champion program to extend security expertise and accountability across all business units and geographies.

3. Set Strategy Aligned to Business Priorities

• Develop and maintain a cybersecurity vision, roadmap, and multi‑year strategy that supports PHINIA's business goals, digital future, and regulatory obligations around disaster recovery and contingency planning, configuration and/or asset management and third‑party risk management.
• Lead enterprise‑wide risk assessment processes, enabling business leaders to make informed decisions within the agreed risk appetite.
• Address shadow IT ("citizen IT") by operationalizing onboarding and control processes to mitigate risks from non‑IT managed environments.
• Partner with manufacturing and engineering teams to implement cybersecurity protections tailored to industrial and operational technology (OT) environments.

4. Enhance Cybersecurity Frameworks & Controls

• Enhance alignment with certain cybersecurity frameworks, such as ISO 27001, NIST CSF/800‑53, ITIL, COBIT, ENISA, or ISA‑62443, based on PHINIA's business model and regulatory landscape.
• Own the unified, risk‑based control framework to harmonize global legal, regulatory, and industry requirements (e.g., SOX, GDPR, TISAX).
• Maintain an up‑to‑date document ecosystem of policies, standards, operating procedures, and guidelines.
• Monitor and further develop enterprise‑level metrics and KPIs used to track cybersecurity program maturity, resource allocation, and security effectiveness.

5. Build Internal & External Networks

• Foster strong relationships across IT, manufacturing, engineering, HR, Legal, Internal Audit, Privacy and Compliance to ensure alignment and embed cyber requirements early in business processes.
• Maintain external partnerships with industry peers, vendors, law enforcement, threat intelligence groups, and relevant regulatory bodies.
• Partner with Enterprise Architecture to ensure security architecture principles are built into all platforms and modernization efforts.

6. Operate the Cybersecurity Function

• Ensure privacy requirements are integrated into cybersecurity processes in partnership with the Chief Compliance Officer.
• Establish and manage end‑to‑end cybersecurity risk, compliance, and regulatory assessments, ensuring timely remediation of findings.
• Embed security into the technology delivery lifecycle through secure design, threat modeling, and security testing practices.
• Lead cybersecurity incident management, ensuring rapid containment, cross‑functional collaboration, coordinated response pursuant to the Incident Response Plan, transparent communication, and effective recovery.
• Monitor global threat conditions and advise senior leaders and others on mitigation strategies.
• Proactively identify information security deficiencies and/or opportunities for improvement to better enable business security at the global level. Lead the development of pragmatic solutions across the enterprise.
• Oversee resilience and business continuity alignment, recognizing that PHINIA's operations span global, distributed ecosystems.
• Maintain inventories of information assets, cloud services, and third‑party digital connections.

KEY JOB SKILLS AND COMPETENCIES

Education & Experience

• Bachelor's or master's degree in computer science, cybersecurity, information systems, business administration, or a related field.
• Minimum 10 years of experience across cybersecurity, IT, and risk management, including at least 5 years in a senior leadership role.
• Strong track record of leading cybersecurity programs in global, dynamic, manufacturing or industrial environments.
• Certifications preferred but not required: CISSP, CISM, CISA, CRISC or comparable credentials.
• Experience with contract negotiations, supplier risk management, and global security operations.

Technical & Business Expertise

• Deep knowledge of information security frameworks (ISO 27001, NIST CSF/800‑53, ITIL, COBIT) and regulatory requirements (SOX, GDPR, TISAX), and industry‑specific standards.
• Strong understanding of enterprise architecture, cloud security, OT/ICS security, identity and access management, and emerging technology risks.
• Proficiency with SIEM, IDS/IPS, firewalls, endpoint security, vulnerability management, cryptography, and cloud security tools.
• Up‑to‑date awareness of cybersecurity trends, digital business models, and evolving risk landscapes.

Leadership & Behavioral Competencies

• Visionary leader able to bridge business and technology, influencing without relying on formal authority.
• Exceptional communication skills — capable of informing board‑level decisions and simplifying complex risk topics for non‑technical stakeholders.
• Exceptional project management skills – capable of leading the design and implementation of enterprise wide projects and driving cross‑functional alignment.
• Strong collaboration, stakeholder management, and change‑leadership skills.
• Ability to drive accountability, foster a security‑first mindset, and motivate teams across dotted and functional reporting structures.
• Demonstrated business acumen and the ability to align security strategies with enterprise goals.

WHAT WE OFFER

We provide compensation and benefits programs intended to attract, motivate, reward and retain an incredibly talented, globally diverse workforce at all levels within our organization. Our compensation programs are informed by market data and business needs, and we are committed to providing equitable and competitive compensation. We are committed to providing our team with quality and competitive benefit programs, including health and well‑being resources, family‑centric policies, and an agile workplace program, where not precluded by collective bargaining agreements or national statutory plans. Plans are benchmarked for competitiveness and value.

We provide formal development opportunities at all levels and stages of employee careers. These opportunities are delivered in a variety of formats to make our portfolio of solutions agile, sustainable, and scalable to support our employees in developing the skills needed to succeed.

WHAT WE BELIEVE

• Product Leadership – Innovation that brings value to our customers
• Humility – Seeking out diverse perspectives and working collaboratively
• Inclusivity – Recognizing our differences makes us stronger; we are bold and intentional
• Net‑Zero – Committed to energy efficiency, waste reduction and beneficial reuse
• Integrity – Taking responsibility for our decisions and doing what is right
• Accountability – Taking ownership of our actions and driving results

SAFETY

You will consistently hear us say Safety First We are committed to continually improving our strong safety performance supporting the health and wellness of our employees

We also believe employee health and safety is everyone's responsibility. We encourage safety learning and collaboration to help employees understand and follow applicable safety policies, standards, and procedures and identify opportunities to minimize or eliminate risk. Work is expected to be conducted in a manner that stresses the importance of preventing incidents and illnesses, including attending all required safety meetings and training. It is expected that all incidents, near misses, and unsafe conditions are immediately reported to the direct manager, Human Resources, or Safety Representative.

EQUAL EMPLOYMENT OPPORTUNITY

PHINIA is an equal employment opportunity employer such that all qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity/expression, national origin, disability or protected veteran status.

VISA SPONSORSHIP

PHINIA does provide sponsorship for employment visa status based on business need. However, for this role, applicants must be currently authorized to work on a full‑time basis, in the country where the position is currently based.

NO UNAUTHORIZED REFERRALS FROM RECRUITERS & VENDORS

Please note that PHINIA does not seek or accept unsolicited resumes or offers from third‑party recruiters or staffing agencies associated with any published or unpublished employment opportunities. Any unsolicited information sent to PHINIA will be considered as unencumbered and free from any fee or charge whatsoever. Only members of our Human Resources Team have the authority to engage or authorize recruiting services, which must be agreed upon before the unsolicited resume or offer is received.

GLOBAL TERMS OF USE AND PRIVACY STATEMENT

Carefully read the PHINIA Privacy Policy before using this website. Your ability to access and use this website and apply for a job at PHINIA are conditioned on your acceptance and compliance with these terms.

Before submitting your application you will be asked to confirm your agreement with the terms.

Career Scam Disclaimer

PHINIA makes no representations or guarantees regarding employment opportunities listed on any third‑party website. To protect against career scams, job applicants should take the necessary precautions when interviewing for and accepting employment positions allegedly offered by PHINIA. Applicants should never provide their national ID numbers, birth dates, credit card numbers or other private information when communicating with prospective employers or responding to employment opportunities online. Job applicants are invited to contact PHINIA through PHINIA's website to verify the authenticity of any employment opportunities.

Advancing sustainability today, powering a cleaner tomorrow. Join us on this shared journey to a brighter tomorrow. For more information about PHINIA, please visit