Director of Digital Business Cyber Security at CHEP

By combining state-of-the-art data science techniques, cutting-edge Internet of Things (IoT) technologies, and Software as a Service, we enable a more connected, intelligent and efficient supply chain. We’re creating value from massive, connected data. Our unmatched insights illuminate more than 300,000 supply chains, more than a million customers and partners, and over 300 million physical assets that are constantly on the move around the world.

CHEP is a Brambles / BXB Digital company, the global leader in supply chain logistic solutions operating through the CHEP brand. Brambles Limited is listed on the Australian Securities Exchange (ASX) and has its headquarters in Sydney, Australia. Operating in more than 60 countries, with its largest operations in North America and Western Europe, we employ more than 14,500 people and owns over 550 million pallets, crates and containers through a network of approximately 850 service centres.

DIRECTOR OF DIGITAL BUSINESS CYBER SECURITY

POSITION PURPOSE

The Data and Digital Cyber Leader will report into the global Cyber team (dotted line to Digital leadership) and be responsible for driving overall cyber security compliance across the Digital organization, partnering with the multiple Digital and Technology Service teams to ensure appropriate and effective cyber controls and compliance is achieved, across all digitally designed and run platforms, hardware, software, interfaces, and 3rd party capabilities. Effectiveness will start with developing a thorough understanding of our digital business and solutions, extend to driving evaluation and remediation efforts to improve cyber maturity across Digital solutions, and end with ensuring all new solutions and capabilities are secure by design.

This leader will take a risk-based approach to prioritization and investment, in alignment with the Board approved Cyber Strategy, and ensure choices and investment are clear with respect to cyber needs across the Digital space.

In addition, this leader will partner closely with the Global Privacy Office and Data Management teams to drive overall Data Loss Prevention and Data Protection across Corporate as a whole. This will include evaluating and implementing new people, process, and technology to better manage Data Loss Prevention at scale, and ensuring appropriate protections and controls are in place in tracking, managing, and protecting Corporate data.

With regards to Digital:

• Work closely with the Digital business globally to review, evaluate, interpret, influence, and provide leadership on proposed and enacted cyber protections and capabilities and industry-best practices in their jurisdictions.

• Act as the primary security contact, collaborating with business and IT leaders to balance risk/reward to improve security in IT applications and third-party engagements, developing deep understanding of business processes, systems, technologies, data, stakeholders and third-party partners.

• Partner with Compliance, Legal, IT resources to achieve effective working relationship that can further the effectiveness of the Information Security Program.

• Advocates for required change and continuously manages policy and standards exceptions program. Leads discussions and answers complex cross-functional policy and standards questions, forecasting best practice in policy.

• Support implementation of Governance, Risk, and Compliance (GRC) and third-party security toolset for the Digital organization. Ensures collaboration with GRC stakeholders.

• Contributes to and aligns risk programs with the NIST CSF based information security program.

With regard to Data:

• Define and drive the global Data Protection and Data Loss Prevention program to ensure all sensitive Corporate data is appropriately protected, especially when shared outside of the company.

• Engaging collaboratively with application development, data protection, information security, and risk management teams to understand and implement data security solutions.

• Supporting vendor assessments, including proof of concepts & security technologies research

• Continuously improving data protection services based on input from a diverse network of internal and external stakeholders, technology teams and security industry at large

• Support the engagement of Data Owners and Custodians within Corporate to empower decision makers to protect their data.

MEASURES

In this role, the Data and Digital Cyber lead will manage the Digital cyber posture improvement efforts, and drive compliance against Data Protection targets to be defined against a high but achievable bar for performance, risk mitigation and continuous improvement, balancing immediate priorities alongside long-term objectives.

AUTHORITY / DECISION MAKING

Within the scope of his or her objectives, duties and responsibilities, the Data and Digital Cyber Leader is authorised to develop and implement controls, policies, organizational measures, and strategic plans to ensure compliance with applicable cyber and regulatory compliance and standards, and as well ensure the company has relevant Data Protection controls in place to protect the business.

• Build and collaborate with a network of Digital champions and teams globally to support cyber initiatives across the Digital landscape

• Consult with and seek any information from any Corporate employee as needed to comply with applicable Digital or Data Protection requirements, and carry out risk assessments, evaluations, consults, and audits to implement, as appropriate, controls, policies, organizational measures, and strategic plans

• Work with senior leadership to identify strategic investment and buy in, as well as escalate cyber issues and response across Digital and the broader Corporate corporation.

• Partner with the broader cyber organization to ensure Digital requirements match best in class capabilities offered by the cyber team

• Obtain external legal or other independent professional advice or engage external consultants or specialists as he or she considers necessary to comply with applicable cyber requirements or data protection requirements/regulatory needs

• Work with Security Operations to ensure appropriate detection and response measures are in place across services managed by the Digital function, as well as all Data protection tools.

KEY CONTACTS

Internal: Digital Leadership Teams and other senior Digital leaders, Reginal Leadership teams, Global Functions (particularly HR, TS, Audit), Legal Counsel, Chief Compliance Officer

External: Data Protection Authorities, Data Owners / Data Stewards, Outside Counsel, Customers, Vendors

QUALIFICATIONS

• Bachelor’s degree in relevant field

• Experience as a Business Information Security Leader, or liaison to global teams in managing large, complex cyber programs

• Experience in working across all levels of the business to align and enroll teams to support cyber initiatives

• Experience in working with senior leaders to drive aligned plans, priorities, and investment to cyber initiatives

• Experience in cyber posture evaluations and risk analysis

• Experience with data loss solutions and/or security engineering experience with large scale globally distributed implementations

• Extensive experience in data-at-rest and data-in-transit, data security techniques and methodologies

• Experience using relevant DLP tools for data protection

• Strong experience leveraging analysis principles and methodologies to evaluate policies, processes, systems, and Data structures to identify relationships, business risks, compliance with Regulations, Frameworks, & Standards, and any applicable control gaps

• Experience interpreting Data-related Laws and Regulations to identify Privacy, Protection, and Auditability requirements and an understanding of trends to ensure effectiveness and compliance with any relevant Regulations, Frameworks, and Standards

• Experience in leading Data Governance, Data Protection, or GRC Programs

EXPERIENCE

• At least one Information Security certification such as CISSP, CRISC, CISM, CISA, etc.

• 6-8+ years of experience working in hands-on, functional Information Security roles

• 3-5 years of data security experience, or experience in Audit/Risk.

• 3-5 years of security program development or operations experience.

• 1-3 years of managing projects and/or teams.

• Excellent executive level written and verbal communications.

• Strong relationship, team building and facilitation skills.

• Experience working in a matrix model

• Experience leading data privacy programs for multinational corporations

• Experience driving large-scale programs, leading and executing cross-business or cross-function initiatives, defining solutions and demonstrating impact or value based on metrics

• Experience reviewing compliance, mitigating risk and advising senior leadership on privacy laws and regulations, such as the GDPR

The salary range for this position is $195,000 to $260,000 / year. Salary ranges provided take into account a wide variety of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications, geographic differentials and other business and organizational needs. Therefore, actual amounts offered may be higher or lower than the range provided. If you have questions, please speak to your Talent Acquisition Partner about the flexibility and detail of our compensation philosophy.” Dependent on the position offered, other forms of compensation may be part of a total offering beyond medical & retirement benefits and may include other monetary incentives or business benefits.