Job Description
Visteon is a global automotive technology leader, advancing mobility through innovative technology solutions that enable a software-defined future. The company's state-of-the-art product portfolio merges digital cockpit innovations, advanced displays, AI-enhanced software solutions, and integrated EV architecture solutions. With expertise spanning passenger vehicles, commercial transportation, and two-wheelers, Visteon partners with global automakers to create safer, cleaner, and more connected journeys. Founded in 2000, the company employs 10,000 employees in 18 countries around the globe. In 2024, Visteon recorded annual sales of approximately $3.87 billion and secured $6.1 billion in new business. To know more about us, visit visteon.com.
Mission of the Role:
The Information Security Risk Specialist is a hands-on role responsible for driving a risk-based, business-aligned approach to information security. The role owns key activities across risk management, compliance, vulnerability management, policy governance, and security awareness, working autonomously with technical and business stakeholders to deliver clear, practical, and sustainable security outcomes that go beyond checkbox compliance.
Key Objectives of the Role:
- Own and continuously improve the information security risk management lifecycle, from assessment to treatment and tracking.
- Support information security and IT compliance through control gap analysis, evidence collection, audit support, and remediation follow-up.
- Drive a risk-based vulnerability management process, including prioritization, remediation tracking, and stakeholder reporting.
- Establish effective security governance through practical, business-aligned policies, standards, and procedures.
- Strengthen organizational security awareness through targeted, role-based training programs.
- Collaborate with technical and business stakeholders to translate security requirements into actionable outcomes.
- Leverage GenAI and automation to improve efficiency, reporting quality, and overall security maturity.
Key Performance Indicators (KPIs):
- Timely completion and quality of information security risk assessments and treatment actions.
- Reduction or controlled acceptance of key information security risks over time.
- Compliance readiness, audit results, and timely closure of identified control gaps.
- Vulnerability remediation performance against defined severity and SLA targets.
- Adoption and effectiveness of security policies and awareness initiatives.
- Measurable efficiency gains from automation and process improvements.
Key Year-One Deliverables:
- An operational information security risk management framework with defined processes and ownership.
- A consolidated and prioritized view of key information security risks, including third-party and supply chain risks.
- Improved compliance transparency through control mappings, evidence repositories, and remediation tracking.
- A functioning, risk-based vulnerability management process with clear reporting.
- A refreshed and consistent set of practical information security policies and procedures.
- Delivery of a structured, role-based security awareness program.
- Initial automation use cases leveraging GenAI tools to reduce manual effort and improve output quality.
Qualifications, Experience, and Skills:
- Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent work experience.
- 3+ years of experience in information security, with a focus on risk management, third-party security, and training & awareness.
- Solid grounding in information security risk management, ideally including third-party and supply chain risk.
- Experience supporting compliance activities across frameworks such as ISO 27001, TISAX / VDA ISA, SOX, or similar.
- Hands-on exposure to vulnerability management tools and severity-based prioritization.
- Ability to write clear, practical policies and translate them into effective training.
- Proactive, self-driven, and ownership-oriented working style.
- Strong communication skills, able to engage both technical teams and management.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin nibh augue, suscipit a, scelerisque sed, lacinia in, mi. Cras vel lorem. Etiam pellentesque aliquet tellus. Phasellus pharetra nulla ac diam. Quisque semper justo at risus. Donec venenatis, turpis vel hendrerit interdum, dui ligula ultricies purus, sed posuere libero dui id orci. Nam congue, pede vitae dapibus aliquet, elit magna vulputate arcu, vel tempus metus leo non est.
Etiam sit amet lectus quis est congue mollis. Phasellus congue lacus eget neque. Phasellus ornare, ante vitae consectetuer consequat, purus sapien ultricies dolor, et mollis pede metus eget nisi. Praesent sodales velit quis quam. Curabitur vel justo id mauris egestas congue. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Mauris ut elit. Integer ac mi. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas.
Sed id ligula quis est convallis tempor. Curabitur lacinia pulvinar nibh. Nam a sapien. Quisque placerat. Ut venenatis, miky nisl sit amet porta feugiat, ante magna molestie nisl, id fringilla neque ante at elit. Mauris ut elit. Integer ac mi. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Sed id ligula quis est convallis tempor. Curabitur lacinia pulvinar nibh. Nam a sapien. Quisque placerat. Ut venenatis, nisl sit amet porta feugiat, ante magna molestie nisl, id fringilla neque ante at elit.
Fusce ornare, ante vitae consectetuer consequat, purus sapien ultricies dolor, et mollis pede metus eget nisi. Praesent sodales velit quis quam. Curabitur vel justo id mauris egestas congue. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Mauris ut elit. Integer ac mi. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Sed id ligula quis est convallis tempor. Curabitur lacinia pulvinar nibh. Nam a sapien.
