Director of Digital Business Cyber Security

OverviewCHEP provided pay range. This range is provided by CHEP. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.By combining state-of-the-art data science techniques, cutting-edge Internet of Things (IoT) technologies, and Software as a Service, we enable a more connected, intelligent and efficient supply chain. We’re creating value from massive, connected data. Our insights illuminate more than 300,000 supply chains, more than a million customers and partners, and over 300 million physical assets that are constantly on the move around the world.CHEP is a Brambles / BXB Digital company, the global leader in supply chain logistic solutions operating through the CHEP brand. Brambles Limited is listed on the Australian Securities Exchange (ASX) and has its headquarters in Sydney, Australia. Operating in more than 60 countries, with its largest operations in North America and Western Europe, we employ more than 14,500 people and own over 550 million pallets, crates and containers through a network of approximately 850 service centres.Position purposeThe Data and Digital Cyber Leader will report into the global Cyber team (dotted line to Digital leadership) and be responsible for driving overall cyber security compliance across the Digital organization, partnering with the multiple Digital and Technology Service teams to ensure appropriate and effective cyber controls and compliance is achieved, across all digitally designed and run platforms, hardware, software, interfaces, and 3rd party capabilities. Effectiveness will start with developing a thorough understanding of our digital business and solutions, extend to driving evaluation and remediation efforts to improve cyber maturity across Digital solutions, and end with ensuring all new solutions and capabilities are secure by design.This leader will take a risk-based approach to prioritization and investment, in alignment with the Board approved Cyber Strategy, and ensure choices and investment are clear with respect to cyber needs across the Digital space.In addition, this leader will partner closely with the Global Privacy Office and Data Management teams to drive overall Data Loss Prevention and Data Protection across Corporate as a whole. This will include evaluating and implementing new people, process, and technology to better manage Data Loss Prevention at scale, and ensuring appropriate protections and controls are in place in tracking, managing, and protecting Corporate data.With regards to DigitalWork closely with the Digital business globally to review, evaluate, interpret, influence, and provide leadership on proposed and enacted cyber protections and capabilities and industry-best practices in their jurisdictions.Act as the primary security contact, collaborating with business and IT leaders to balance risk/reward to improve security in IT applications and third-party engagements, developing deep understanding of business processes, systems, technologies, data, stakeholders and third-party partners.Partner with Compliance, Legal, IT resources to achieve effective working relationship that can further the effectiveness of the Information Security Program.Advocates for required change and continuously manages policy and standards exceptions program. Leads discussions and answers complex cross-functional policy and standards questions, forecasting best practice in policy.Support implementation of Governance, Risk, and Compliance (GRC) and third-party security toolset for the Digital organization. Ensures collaboration with GRC stakeholders.Contributes to and aligns risk programs with the NIST CSF based information security program.With regard to DataDefine and drive the global Data Protection and Data Loss Prevention program to ensure all sensitive Corporate data is appropriately protected, especially when shared outside of the company.Engaging collaboratively with application development, data protection, information security, and risk management teams to understand and implement data security solutions.Supporting vendor assessments, including proof of concepts & security technologies researchContinuously improving data protection services based on input from a diverse network of internal and external stakeholders, technology teams and security industry at largeSupport the engagement of Data Owners and Custodians within Corporate to empower decision makers to protect their data.MEASURESIn this role, the Data and Digital Cyber lead will manage the Digital cyber posture improvement efforts, and drive compliance against Data Protection targets to be defined against a high but achievable bar for performance, risk mitigation and continuous improvement, balancing immediate priorities alongside long-term objectives.AUTHORITY / DECISION MAKINGWithin the scope of his or her objectives, duties and responsibilities, the Data and Digital Cyber Leader is authorised to develop and implement controls, policies, organizational measures, and strategic plans to ensure compliance with applicable cyber and regulatory compliance and standards, and as well ensure the company has relevant Data Protection controls in place to protect the business.Build and collaborate with a network of Digital champions and teams globally to support cyber initiatives across the Digital landscapeConsult with and seek any information from any Corporate employee as needed to comply with applicable Digital or Data Protection requirements, and carry out risk assessments, evaluations, consults, and audits to implement, as appropriate, controls, policies, organizational measures, and strategic plansWork with senior leadership to identify strategic investment and buy in, as well as escalate cyber issues and response across Digital and the broader Corporate corporation.Partner with the broader cyber organization to ensure Digital requirements match best in class capabilities offered by the cyber teamObtain external legal or other independent professional advice or engage external consultants or specialists as he or she considers necessary to comply with applicable cyber requirements or data protection requirements/regulatory needsWork with Security Operations to ensure appropriate detection and response measures are in place across services managed by the Digital function, as well as all Data protection tools.KEY CONTACTSInternal: Digital Leadership Teams and other senior Digital leaders, Reginal Leadership teams, Global Functions (particularly HR, TS, Audit), Legal Counsel, Chief Compliance OfficerExternal: Data Protection Authorities, Data Owners / Data Stewards, Outside Counsel, Customers, VendorsQUALIFICATIONSBachelor’s degree in relevant fieldExperience as a Business Information Security Leader, or liaison to global teams in managing large, complex cyber programsExperience in working across all levels of the business to align and enroll teams to support cyber initiativesExperience in working with senior leaders to drive aligned plans, priorities, and investment to cyber initiativesExperience in cyber posture evaluations and risk analysisExperience with data loss solutions and/or security engineering experience with large scale globally distributed implementationsExtensive experience in data-at-rest and data-in-transit, data security techniques and methodologiesExperience using relevant DLP tools for data protectionStrong experience leveraging analysis principles and methodologies to evaluate policies, processes, systems, and Data structures to identify relationships, business risks, compliance with Regulations, Frameworks, & Standards, and any applicable control gapsExperience interpreting Data-related Laws and Regulations to identify Privacy, Protection, and Auditability requirements and an understanding of trends to ensure effectiveness and compliance with any relevant Regulations, Frameworks, and StandardsExperience in leading Data Governance, Data Protection, or GRC ProgramsEXPERIENCEAt least one Information Security certification such as CISSP, CRISC, CISM, CISA, etc.6-8+ years of experience working in hands-on, functional Information Security roles3-5 years of data security experience, or experience in Audit/Risk.3-5 years of security program development or operations experience.1-3 years of managing projects and/or teams.Excellent executive level written and verbal communications.Strong relationship, team building and facilitation skills.Experience working in a matrix modelExperience leading data privacy programs for multinational corporationsExperience driving large-scale programs, leading and executing cross-business or cross-function initiatives, defining solutions and demonstrating impact or value based on metricsExperience reviewing compliance, mitigating risk and advising senior leadership on privacy laws and regulations, such as the GDPRThe salary range for this position is $190,000 to $280,000 / year. Salary ranges provided take into account a wide variety of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications, geographic differentials and other business and organizational needs. Therefore, actual amounts offered may be higher or lower than the range provided. If you have questions, please speak to your Talent Acquisition Partner about the flexibility and detail of our compensation philosophy.” Dependent on the position offered, other forms of compensation may be part of a total offering beyond medical & retirement benefits and may include other monetary incentives or business benefits.Seniority levelDirectorEmployment typeFull-timeJob functionEngineering and Information TechnologyIndustriesTransportation, Logistics, Supply Chain and Storage, Digital Accessibility Services, and Consumer ServicesReferrals increase your chances of interviewing at CHEP by 2xInferred from the description for this jobMedical insuranceVision insurance401(k)Child care supportTuition assistanceGet notified about new Director of Cyber Security jobs in Atlanta, GA.Note: The original included several extraneous job postings and AI-related notes that are not part of the role; this refinement focuses on the Director of Digital Cyber Security position content and removes irrelevant boilerplate. #J-18808-Ljbffr