Director, InfoSec Compliance - Remote - GXO Enterprise Services LLC
Los Angeles, CA 90001
About the Job
At GXO, we're constantly looking for talented individuals at all levels who can deliver the caliber of service our company requires. You know that a positive work environment creates happy employees, which boosts productivity and dedication. On our team, you'll have the support to excel at work and the resources to build a career you can be proud of.
Preference is for candidates to be based in either DFW TX, Charlotte or High Point, NC
We are motivated to transform an industry through technology, and we understand that the security of our technology and data is critical to our success. As the Director of Infosec Compliance, you will lead all aspects of Information Security compliance for GXO Logistics globally. You will define the compliance strategy for the company and ensure that all regulatory and contractual requirements are complied with. You will select best-practice frameworks to align to and ensure that, where required, audits and certification against those frameworks is achieved. You will ensure compliance status is reported on at all levels and implement process to track and remediate gaps continually. This role is critical in positioning GXO for long-term success.
Pay, benefits and more.
We are eager to attract the best, so we offer competitive compensation and a generous benefits package, including full health insurance (medical, dental and vision), 401(k), life insurance, disability and more.
What you'll do on a typical day:
- Manage the globally distributed information security compliance team.
- Support the development and maintenance of GXO security governance framework including policies and standards to ensure alignment to industry best practices, regulations and risk appetite.
- Coordinate with internal stakeholders to support key verticals in ensuring that security controls are effectively implemented and integrated into business processes and systems.
- Track and manage our compliance against NIST 2.0 framework globally.
- Oversee the management and maintenance of GXO ISMS(s) and SSPs required for framework certifications such as ISO, CMMC, FISMA, for our global network of clients.
- Oversee audits and ensure we gain certification when contractually required by our clients.
- Manage and track privacy and other regulatory compliance (such as GDPR, HIPAA, NIS 2, ...).
- Report regularly on the status of all compliance related activities including compliance processes metrics, issues, and remediation actions.
- Manage the function so that it acts as a second line of defense on cyber security controls, including but not limited to UARs.
- Ensure our policies are enhanced and updated every year.
- Define AI frameworks and policy to safeguard the GXO environment whilst enabling the business to leverage the technology.
- Identify ways in which to leverage advances in Generative AI to increase the efficiency and efficacy of the GRC team.
What you need to succeed at GXO:
At a minimum, you'll need:
- Bachelor's degree in related field, or equivalent related work or military experience
- 7 years of experience in Information Security and technology including 4 years in leadership roles
- Self-starter requiring minimal supervision
- To be highly organized and efficient
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.
- Demonstrated experience in application security practices, key network and technical security controls and IT Risk and Security governance
- Demonstrated experience in risk assessment and remediation.
- Experience in project/program management
- Proven interpersonal, leadership and collaboration skills with the ability to effectively supervise, coach and influence employees
- Outstanding written and verbal business and cybersecurity communication skills. This includes production of executive level presentations and reports
- Solid complex problem solving and analytical skills
- Process driven and detail-oriented
- Demonstrable experience in common InfoSec standards and frameworks including PCI DSS, ISO 27001, NIST 800-53, CMMC, FedRAMP, FISMA, Cyber Essentials Plus.
- Experience in working with government agencies (US and UK).
- Experience in the usage and capabilities of the latest AI technology (particularly LLMs).
- Certified CISA, CISM or CISSP and/or ISO 27001 Lead Auditor Certification (Preferred).
- 2 years of experience in project and program management
- Experience with OT and IoT Security.
GXO is a leading provider of cutting-edge supply chain solutions to the most successful companies in the world. We help our customers manage their goods most efficiently using our technology and services. Our greatest strength is our global team - energetic, innovative people of all experience levels and talents who make GXO a great place to work.
We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.
GXO adheres to CDC, OSHA and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.
All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.