Global Head of IT Security
Job Locations: US-IL-Chicago
ID: 2024-3900
Category: Information Technology
Position Type: Full Time
Overview
Founded in 1898 and headquartered in Chicago, IL, GATX Corporation (NYSE: GATX) is an industry leader with 125+ years of success powered by our people. We are proud of our high-performance culture, hard-working and enthusiastic management team, and beautiful office space in the Willis Tower.
At GATX, we hire the best and offer our employees a dynamic, energetic, collaborative environment to enable them to make an impact from day one. Enjoy the perks and benefits of a global company with the close-knit culture and community of a much smaller one. Thanks to our employees, in 2023 we were named one of Chicago's Top Workplaces by the Chicago Tribune for the fourth time!
The HYBRID Global Head of Information Security is responsible for creating and implementing an information security program that is designed to protect GATX's data, systems, and assets globally from potential threats. This position will partner across functions to drive major security initiatives and will be responsible for effectively communicating goals, risks, and tradeoffs to executive leadership and the board of directors in support of GATX's business goals.
Responsibilities
- Central point of contact within GATX for all aspects and communications regarding information security. Understand the fundamental business activities performed by GATX, work with the executive management team to determine acceptable levels of risk for GATX and recommend pragmatic information security solutions that protect these activities.
- Develop, maintain, and promote information security policies, standards, and guidelines. Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
- Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing risk and in alignment with GATX's business goals and objectives.
- Provide regular reporting on the current status of the information security program to the enterprise risk management team, senior business leaders, and the board of directors as part of a strategic enterprise risk management program.
- Manage a cost-efficient information security organization, consisting of direct reports and dotted line reports.
- Maintain an enterprise-wide information security awareness, education, and training program.
- Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
- Oversee the performance of periodic IT risk assessments to identify current and future security vulnerabilities, determine levels of acceptable risk, and identify solutions to attain acceptable risk levels.
- Build and nurture external networks consisting of industry peers, advisory bodies, vendors, law enforcement, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.
- Coordinate the preparation of information technology contingency plans to respond to information security breaches, violations, and incidents.
- Develop, maintain, and manage effective information technology disaster recovery and business continuity practices and standards.
- Manage all Sarbanes-Oxley related efforts and act as liaison between Internal/External Audit and the IT Department.
Qualifications
Interaction: The Global Head of Information Security plans, organizes, coordinates, and directs information security activities globally for GATX. He or she acts as the focal point for all communications related to information security, including internal staff and third parties.
Education and/or Experience Required:
- Minimum of 10+ years of experience in a significant leadership role in information security.
- Regulatory compliance experience with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, European Privacy Directive, NIST, NSA, etc.
- Knowledge of information security, control, and risk management techniques, trends, and developments.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Bachelor's degree in Information Security, Computer Science, or related field required; Master's degree or post-graduate work preferred.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
- This position is based in the Chicago Corporate office and considered HYBRID with 60% in-office attendance required.
GATX embraces diversity, and we are proud to be an Equal Opportunity Employer.