Visteon is a global automotive technology leader, advancing mobility through innovative technology solutions that enable a software-defined future. The company's state-of-the-art product portfolio merges digital cockpit innovations, advanced displays, AI-enhanced software solutions, and integrated EV architecture solutions. With expertise spanning passenger vehicles, commercial transportation, and two-wheelers, Visteon partners with global automakers to create safer, cleaner, and more connected journeys. Founded in 2000, the company employs 10,000 people in 18 countries around the globe. In 2024, Visteon recorded annual sales of approximately $3.87 billion and secured $6.1 billion in new business. To learn more about us, visit visteon.com.
Mission of the Role:
The Information Security Risk Specialist is a hands-on role responsible for driving a risk-based, business-aligned approach to information security. The role owns key activities across risk management, compliance, vulnerability management, policy governance, and security awareness, working autonomously with technical and business stakeholders to deliver clear, practical, and sustainable security outcomes that go beyond checkbox compliance.
Key Objectives of the Role:
- Own and continuously improve the information security risk management lifecycle, from assessment to treatment and tracking.
- Support information security and IT compliance through control gap analysis, evidence collection, audit support, and remediation follow-up.
- Drive a risk-based vulnerability management process, including prioritization, remediation tracking, and stakeholder reporting.
- Establish effective security governance through practical, business-aligned policies, standards, and procedures.
- Strengthen organizational security awareness through targeted, role-based training programs.
- Collaborate with technical and business stakeholders to translate security requirements into actionable outcomes.
- Leverage GenAI and automation to improve efficiency, reporting quality, and overall security maturity.
Key Performance Indicators (KPIs):
- Timely completion and quality of information security risk assessments and treatment actions.
- Reduction or controlled acceptance of key information security risks over time.
- Compliance readiness, audit results, and timely closure of identified control gaps.
- Vulnerability remediation performance against defined severity and SLA targets.
- Adoption and effectiveness of security policies and awareness initiatives.
- Measurable efficiency gains from automation and process improvements.
Key Year-One Deliverables:
- An operational information security risk management framework with defined processes and ownership.
- A consolidated and prioritized view of key information security risks, including third-party and supply chain risks.
- Improved compliance transparency through control mappings, evidence repositories, and remediation tracking.
- A functioning, risk-based vulnerability management process with clear reporting.
- A refreshed and consistent set of practical information security policies and procedures.
- Delivery of a structured, role-based security awareness program.
- Initial automation use cases leveraging GenAI tools to reduce manual effort and improve output quality.
Qualifications, Experience, and Skills:
- Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent work experience.
- 3+ years of experience in information security, with a focus on risk management, third-party security, and training & awareness.
- Solid grounding in information security risk management, ideally including third-party and supply chain risk.
- Experience supporting compliance activities across frameworks such as ISO 27001, TISAX / VDA ISA, SOX, or similar.
- Hands-on exposure to vulnerability management tools and severity-based prioritization.
- Ability to write clear, practical policies and translate them into effective training.
- Proactive, self-driven, and ownership-oriented working style.
- Strong communication skills, able to engage both technical teams and management.
- Analytical, detail-oriented, and disciplined in documentation and follow-up.
- Collaborative mindset with experience working across IT, Legal, Procurement, and Engineering.
- Very good command of English.
- Please include an English version of your resume with your application.
Considered a Plus:
- Advanced degrees or relevant certifications (e.g., CRISC, ISO/IEC 27001).
- Experience using GenAI tools (Claude Code, Copilot, LLM agents) to automate or enhance security workflows.
- Experience designing or delivering security awareness programs with a focus on behavior change.
- Curiosity or early exposure to adjacent security domains such as SOC/SIEM, cloud security, or secure software development.
Key Behaviors:
- Evaluating Problems
- Critical Thinking (Investigating Issues)
- Collaboration (Building Relationships)
- Communicating Information
- Showing Resilience
- Demonstrating Global Mindset
- Processing Details
- Driving Success
Reporting Structure:
Reports to: Lead Analyst, Information Security GRC
Location: Palmela, Portugal.
Visteon Culture: If you thrive in a fast-paced organizational culture that requires agility, adaptability, and a growth mindset to stay ahead of the curve, Visteon is the place. We value high performance and a drive for results. Innovation, risk-taking, and continuous learning help us keep up with the ever-changing landscape of our industry and be market leaders. At Visteon, you can be more.
In the fast lane of technology. At Visteon, we’re redefining how the world connects through its vehicles. Our innovations transform the driving experience for millions, powered by a high-performance culture that challenges the status quo and sparks new possibilities—in careers and communities. Join us and help shape the future.