Logistics at full potential.
At GXO, we’re constantly looking for talented individuals at all levels who can deliver the caliber of service our company requires. You know that a positive work environment creates happy employees, which boosts productivity and dedication. On our team, you’ll have the support to excel at work and the resources to build a career you can be proud of.
As the Lead Business Information Security Officer, you will ensure that security programs and services are understood and deployed across the business units. You will take a risk-based approach and act as a business unit representative ensuring business needs are understood and programs and services are appropriately prioritized.
What you’ll do on a typical day:
- Provide strategic consulting to the business by providing information security subject matter expertise to help the business make informed decisions based on the BU’s risk appetite
- Act as a single point of contact for business, representing the Global Security Office (GSO), and provide a comprehensive view of GSO services provided; present risk and security posture view to the businesses and provide oversight by acting as a CISO delegate
- Ensure that security services, programs, and processes are embedded and implemented into the businesses, including implementation and coverage of security technologies, monitoring functions, policy awareness, training and awareness, application security services, security SME, client support, third party security, etc.
- Understand what is important to the businesses and their needs, and prioritize the implementation of security services and enforcement of security programs/processes in line with business needs and risk appetite.
- Oversee information security support for businesses through regular interface with GSO Tower Leaders and teams; influence and provide input to the Global Tower Leaders in defining their goals and creating global consistency for their teams and towers; work closely with consulting/SME tower in utilizing SME/consulting services according to business/project needs
- Participate in and provide support for GXO risk management practices, including policy compliance and exception management. Perform deeper dive security assessments if needed or manage the assessments conducted by security Governance/SME team.
- Manage client information security inquiries and provide information in support of the GSO to clients.
- Support Divisional ISO/IEC 20000 program and be the security representative for that program. Provide all requisite reporting in conjunction with the Governance Team lead.
- Obtain, report and matrix from respective towers and other GSO functions to present a comprehensive view of security statuses and/or services provided
- Support sales teams in engaging the customer and responding to RFIs
What you need to succeed at GXO:
At a minimum, you’ll need:
- Bachelor’s degree or equivalent related work or military experience
- Minimum 2 years’ experience in similar roles, 6 years’ experience in Information Security.
- Knowledge/understanding of security technologies, protocols, concepts – such as networks, firewall management, system hardening, encryption, PKI, malware analysis and protection, IDS/IPS, application firewalls, different types of attacks
- Understanding and experience in securing cloud applications / infrastructure
- Understanding of change and release management processes and InfoSec/IT Operations
- Solid understanding of application security practices, key network and technical security controls, and IT Risk and Security governance
- Experience in risk assessment methodologies (e.g. ISO27005, IRAM2)
Analytical Skills
- Complex problem solving and analysis.
- Process driver with strong attention to detail.
- Identifies opportunities to increase accuracy and optimize resources and develops/recommends/implements solutions.
- Strong aptitude for understanding and analyzing large amounts of data from multiple sources.
- Produces unambiguous, comprehensive, and accurate interpretations.
- Develops insightful, value-added, and actionable analyses with detailed explanations regarding drivers of those results.
Communication Skills
- Writes clearly and informatively. Edits work for spelling and grammar.
- Presents organized and thorough information and data appropriate for intended audience.
- Excellent collaboration and negotiation skills to deal effectively with individuals and groups within and outside the organization.
Time Management Skills
- Demonstrates follow-up skills.
- Provides timely and professional support to all internal/external customers and vendors.
- Experience in managing IT projects/portfolios.
- Prioritizes regular workload, special tasks, and concurrent projects, allocating time and resources to ensure that work is completed accurately and efficiently within established time frame.
- Comfortable using project planning and service management tools.
Other
- Self-motivated.
- Patience when working with teams of differing capabilities.
- Provides a calm and professional influence on the team particularly during times of stress (e.g. incident response)
- Prepared to perform tasks outside of scope of role to ensure goals are achieved.
- Works with minimal supervision.
- Comfortable working in a matrix environment.
- Establishes and maintains effective, collaborative work relationships both internally and externally.
It’d be great if you also have:
- CISSP (Preferred), CISA/CISM (Preferred), ITIL (Preferred)
We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.
GXO adheres to CDC, OSHA and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.
All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.