Sr Analyst, Information Security (Phishing & Behavioural Insights)
Job Description
Logistics at full potential.
At GXO, we're constantly looking for talented individuals at all levels who can deliver the caliber of service our company requires. You know that a positive work environment creates happy employees, which boosts productivity and dedication. On our team, you'll have the support to excel at work and the resources to build a career you can be proud of.
As the Senior Information Security Specialist for Phishing and Behavioral Insights, you will be responsible for designing and implementing our social engineering resilience program, educating our workforce on the threats faced in the digital world. This role will also support the development of insights into our employees' security behaviors, allowing Information Security to target learning interventions where they are most needed.
What you'll do on a typical day:
- Develop and mature the end-to-end social engineering resilience programme, associated initiatives, processes and supporting strategy.
- Support the creation, approval and delivery of threat- and intelligence-led, targeted and bespoke phishing simulations, working with third-party vendors to facilitate testing and drive real-time learning interventions.
- Manage colleague queries and ensure the timely follow-up, recording and tracking of learning journeys, colleague performance, and remediation of identified gaps.
- Define and sustain a set of security behaviours alongside their quantified risk to GXO, monitoring and learning from people-enabled security events to identify knowledge gaps and prioritise security topics tied to negative behaviours.
- Feed and deliver actionable human behavioural insights, for example, end-user testing data, into the security awareness campaigns team to support the development of awareness activities and initiatives aimed at transforming GXO's security culture.
- Utilise behavioural insights to develop and maintain a set of 'security personas', and in conjunction with the awareness team, identify and analyse their learning needs, as well as appropriate training techniques.
- Collate, review and supply phishing results data to internal stakeholders, relevant governance forums and committees, and when necessary, for internal and external audits.
- Upskill colleagues through the development of high-quality and clear awareness content to communicate effectively, translating complex technical information into easy-to-understand and engaging communications, acting as a social engineering SME.
- Interface with internal and external intelligence teams.
What you need to succeed at GXO:
At a minimum, you'll need:
- Bachelor's degree or equivalent related work or military experience
- Minimum 5 years' experience in Information Security, Learning & Development, Change Management, Data Analytics, Marketing and/or Communications (or a minimum of 4 years' related experience for non-degree holders); at least 2 years working with, or in, Information Security.
- Strong understanding of human security risk events, causing behaviours and associated key performance indicators ('KPIs') and metrics.
- Good level of understanding of information and cyber security risks, threats, and internal controls.
- Experience administering phishing simulation, and learning and information platforms (e.g., Cornerstone, Workplace, Corporate Intranet).
- Able to translate complex policies and technical requirements into "plain English" and clear calls to action for non-technical people in a way that consistently drives objective decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Good prioritization capabilities, with an ability for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
- Strong written and verbal communication, and training facilitation skills (i.e., presenting).
- Experience working with internal colleagues across functions and job families and leveraging internal resources.
- Knowledge of utilising different media to communicate, educate and assess security messages and requirements across a varied audience.
- Strong Microsoft Excel skills, and proven experience in analysing large quantities of data using data analytics and reporting tools (e.g., Power BI).
It'd be great if you also have:
- Degree in, or current enrollment in, Information Security, Education and Learning Management, Psychology, Communications, and/or Marketing, or other related discipline.
- Security Awareness Professional Certification from a recognized professional body (e.g., SSAP, CCAP, SACP, CSAP).
- Change Management Foundation & Practitioner Certification from a recognized professional body (e.g., APMG)
- Diploma/Certification in Learning & Development from a recognized professional body (e.g., CIPD).
- Other Information Security and Data Privacy Certifications (e.g., IAPP CIPP (E/A/C/US), SANS GSEC)
We engineer faster, smarter, leaner supply chains.
GXO is a leading provider of cutting-edge supply chain solutions to the most successful companies in the world. We help our customers manage their goods most efficiently using our technology and services. Our greatest strength is our global team - energetic, innovative people of all experience levels and talents who make GXO a great place to work.
We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.
GXO adheres to CDC, OSHA and state and local requirements regarding COVID safety. All employees and visitors are expected to comply with GXO policies which are in place to safeguard our employees and customers.
All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed. Review GXO's candidate privacy statement here.
Date Posted
10/02/2022