The roles and responsibilities have been described as follows:
Proactively identify potential cybersecurity risks and threats to the product, and work to develop strategies to mitigate them.
Collaborate with cross-functional teams to ensure all parties are aligned with security best practices and policies.
Work closely with product, engineering, and development teams to ensure they follow appropriate security protocols throughout the product lifecycle.
Coordinate with incident response teams to investigate and address security vulnerabilities or incidents.
Stay up-to-date on emerging threats and vulnerabilities and recommend new solutions or technologies as needed.
Key Responsibilities:
Manage the team leading training development and the engagement model to meet best practices and security compliance standards.
Work closely with International/InfoSec/Legal/IT to align on solutions and implementation, to ensure FedEx's compliance with all laws and regulations and to increase security posture.
Develop metrics for security posture based on InfoSec standards, compliance requirements, and best practices.
Provide visibility to regional leadership and global InfoSec leadership on security risk posture.
Provide leadership to advise on secure design and maintenance of systems and development including secure code, access and authorization, logging, intrusion prevention, vulnerability management, and disaster recovery.
Provide leadership to assist in driving effective and defensible security design for systems including application development, and operational systems including firewall design, two-factor authentication, role-based access, logging, and monitoring.
Understand Data Protection Options including Data Loss Prevention and Encryption strategy for systems and applications.
Understand regulatory compliance requirements and provide leadership visibility on implementation requirements.
Guide the team on vulnerability reporting and drive remediation with business partners.
Understand and champion InfoSec standards globally and provide enforcement reporting to the business and leadership.
Provide support to the team for the Information Security FIRST process including advising the global team on process improvement opportunities.
Understanding of cyber security tooling and frameworks such as Zero Trust, NIST, Firewalls, IPS, NDR, and access management.
Training and awareness:
Provide leadership to the team to understand business partners and their specific training needs.
Support Global InfoSec and provide leadership to design, develop, and roll out targeted awareness training for key business partners.
Develop communication material to increase awareness.
This role is focused on delivery management, and therefore needs to be able to work across the Global InfoSec and global leadership teams. You will help the business to achieve compliance, data protection, and effective information management in accordance with all applicable compliance regulations and data protection laws, including the General Data Protection Regulation (GDPR).
May be required to perform other duties as assigned.
Requirements:
Preferably Bachelor's degree or equivalent in Computer Science or related discipline
Proficiency in English comprehension
Proficiency in presentation skills and communication with all levels of audiences
Preferably with a minimum of 5 - 10 years of work experience in leading teams
Preferably with work experience, especially in application support, cyber security, Identity Access Management or regulatory compliance
Proficiency in Management Skills; Analytical Skills; Planning & Organizing Skills; Project Management Skills; Interpersonal Skills; Accuracy & Attention to Detail
Preferably have practical knowledge in using ServiceNow Modules and Microsoft Office, particularly in Power BI, Power Automate, and PowerPoint
Preferably certified in CISSP and/or OSCP
Preferably have practical experience in implementing LEAN, AGILE, and Design Thinking