Global Head of IT Security

Recruiter
GATX Corporation
Location
Chicago
Salary
Competitive
Posted
25 Sep 2024
Closes
23 Oct 2024
Job Type
IT Security
Employer Sector
Technology, IT & Telecoms
Contract Type
Permanent
Hours
Full Time

Founded in 1898 and headquartered in Chicago, IL, GATX Corporation (NYSE: GATX) is an industry leader with 125+ years of success, success that is powered by our people. We are proud of our high-performance culture, hard-working and enthusiastic management team, and beautiful office space in the Willis Tower.

At GATX, we hire the best and offer our employees a dynamic, energetic, collaborative environment to enable them to make an impact from day one. Enjoy the perks and benefits of a global company with the close-knit culture and community of a much smaller one. In the same way we strive to empower our customers to propel the world forward, we are dedicated to providing our people with the tools and resources they need to move forward in their careers. And, thanks to our employees, in 2023 we were named one of Chicago's Top Workplaces by the Chicago Tribune for the fourth time!

The Global Head - Information Security is responsible for creating and implementing an information security program that is designed to protect GATX's data, systems, and assets globally from any potential threats. This position will partner across functions to drive major security initiatives and will be responsible for effectively communicating goals, risks, and tradeoffs to executive leadership and the board of directors in support of GATX's business goals.

Responsibilities:
  • Central point of contact within GATX for all aspects and communications regarding information security. Understand the fundamental business activities performed by GATX, work with the executive management team to determine acceptable levels of risk for GATX and recommend pragmatic information security solutions that protect these activities.
  • Develop, maintain, and promote information security policies, standards and guidelines. Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
  • Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing risk and in alignment with GATX's business goals and objectives, addressing management fiduciary and legal responsibilities and customer expectations for secure business practices.
  • Provide regular reporting on the current status of the information security program to the enterprise risk management team, senior business leaders and the board of directors as part of a strategic enterprise risk management program.
  • Manage the cost-efficient information security organization, consisting of direct reports and dotted line reports.
  • Maintain an enterprise-wide information security awareness, education, and training program.
  • Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
  • Oversee the performance of periodic IT risk assessments to identify current and future security vulnerabilities, determine levels of acceptable risk, and identify solutions to attain acceptable risk levels.
  • Perform periodic quality measurement studies to determine whether the GATX Information Security function operates in an efficient and effective manner consistent with standard industry practices.
  • Build and nurture external networks consisting of industry peers, advisory bodies, vendors, law enforcement, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks. Maintain working knowledge of latest developments in information security, including new products and services.
  • Coordinate the preparation of information technology contingency plans to respond to information security breaches, violations, and incidents. Manage internal procedures and activities pertaining to the investigation, resolution, and prosecution of information security breaches and violations.
  • Develop, maintain, and manage effective information technology disaster recovery and business continuity practices and standards, including plans and procedures to ensure that critical business applications are recovered in the event of a declared disaster.
  • Manage all Sarbanes-Oxley related efforts and act as liaison between Internal/External Audit and the IT Department. Manage relevant processes and procedures associated with Sarbanes-Oxley: enforce existing internal controls, and identify any necessary additional internal controls. Work with Corporate Audit to ensure that additional controls are documented, instituted, practiced, and monitored.
Qualifications:

Interaction:

The Global Head - Information Security plans, organizes, coordinates, and directs information security activities globally for GATX. He or she acts as the focal point for all communications related to information security, including internal staff and third parties. The Director works with a wide range of individuals from different internal organizational units, bringing them together to establish appropriate controls for safeguarding information assets from current information security threats and potential future information security risks.

Education and/or Experience Required:

  • Minimum of 10+ years of experience in a significant leadership role in information security, including experience in adopting and implementing widely accepted management frameworks for IT governance and information security practice (e.g. NIST, ISO 27001, COBIT).
  • Regulatory compliance experience with Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, European Privacy Directive, NIST, NSA, etc.
  • Knowledge of information security, control, and risk management techniques, trends, and developments.
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
  • Bachelor's degree in Information Security, Computer Science, or related field required. Master's degree or post-graduate work preferred.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.