Logistics at full potential.

At GXO, we're constantly looking for talented individuals at all levels who can deliver the caliber of service our company requires. You know that a positive work environment creates happy employees, which boosts productivity and dedication. On our team, you'll have the support to excel at work and the resources to build a career you can be proud of.

As the Lead Business Information Security Officer, you will ensure that security programs and services are understood and deployed across the business units. You will take a risk-based approach and act as a business unit representative ensuring business needs are understood and programs and services are appropriately prioritized.

What you'll do on a typical day:

• Provide strategic consulting to the business by providing Information Security subject matter expertise to help the business make informed decisions based on the BU's risk appetite
• Act as a single point of contact for business, representing the GSO, and provide a comprehensive view of GSO services provided; present risk and security posture view to the businesses and provide oversight by acting as a CISO delegate
• Ensure that security services, programs, and processes are embedded and implemented into the businesses, including implementation and coverage of security technologies, monitoring functions, policy awareness, training and awareness, application security services, security SME, client support, third party security, etc.
• Act as conduit for business and regional leadership feedback into GSO programs, in support of process improvements; act as the CISO delegate within the business unit to influence positive change to its Information Security posture through regular engagement and collaboration
• Oversee Information Security support for businesses through regular interface with GSO Tower Leaders and teams; influence and provide input to the Global Tower Leaders in defining their goals and creating global consistency for their teams and towers; work closely with consulting/SME tower in utilizing SME/consulting services according to business/project needs
• Obtain report and matrix from respective towers and other GSO functions to present a comprehensive view of security statuses and/or services provided
• Act as Incident Commander in support of incidents and investigative activities, and maintain responsibility for all aspects of an emergency response; including quickly developing incident objectives, managing all incident operations, and application of resources

What you need to succeed at GXO:

At a minimum, you'll need:

• Bachelor's degree or equivalent related work or military experience
• 4 years of experience in Information Security and technology
• Demonstrated experience in application security practices, key network and technical security controls, and IT Risk and Security governance

It'd be great if you also have:

• Certified CISA, CISM or CISSP and/or ISO 27001 Lead Auditor Certification
• 2 years of experience in management, project and program management
• Experience with automation and efficiency to improve programs and processes
• Proven interpersonal, leadership, and collaboration skills with the ability to effectively supervise, coach, and influence employees
• Excellent verbal and written communication skills
• Solid complex problem solving and analysis skills
• Process driven and detail-oriented

We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.

GXO adheres to CDC, OSHA and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.

All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.