Xerox Governance, Risk Management and Compliance Security Analyst in Cary, North Carolina
Xerox (NYSE: XRX) makes every day work better. We are a workplace technology company, building and integrating software and hardware for enterprises large and small. As customers seek to manage information across digital and physical platforms, Xerox delivers a seamless, secure and sustainable experience. Whether inventing the copier, the ethernet, the laser printer or more, Xerox has long defined the modern work experience. Learn more at http://www.xerox.com/ and explore our commitment to diversity and inclusion at https://www.xerox.com/en-us/jobs/diversity
This position supports the Governance, Risk and Compliance (GRC) management processes within the Xerox Cyber Security organization. The qualified candidate is responsible for building and deploying effective policies, processes and controls across the enterprise in collaboration with business, IT and other Cyber Security professionals.
Support the development and maintenance of Cyber Security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices
Participate in development of training curriculum, conduct security awareness campaigns and evaluate their effectiveness
Facilitate the execution and continuous improvement of third-party risk management program and processes
Conduct gap assessments and facilitate management of compliance programs including ISO 27001, PCI, FedRAMP, SOC1, SOC2, GDPR, etc.
Oversee and coordinate the IT and business compliance to Disaster Recovery / Business Continuity policy
Review and manage exceptions to Cyber Security policies
Assist in the development and delivery of dashboards and actionable reporting, KRIs and KPIs
Review, conduct, or participate in audits of security programs and projects
Knowledge and Skills Required:
Strong knowledge of and experience in security requirements, standards and practices including NIST CSF, NIST 800-53, ISO 27001, PCI DSS, SOC2, COBIT, GLBA, SOX, GDPR, OWASP Top 10, SANS Top 25, etc.
Strong understanding of and/or prior experience in one or more of the following:
Security Governance and Policy Management
Risk Assessment, Treatment and Management
Third Party Risk Management
IT Disaster Recovery / Business Continuity
Security Training and Awareness
Security Compliance Management
A broad understanding across security domains
Prior experience in developing or implementing a common controls framework would be a huge plus
Ability to document, follow, execute and continually improve a detailed process
Strong organizational skills and attention to detail
Strong written and oral communication skills
Experience working across multiple teams on projects
Demonstrated ability to handle multiple open items of varying size concurrently
Ability to communicate with all levels of management
Uncompromising personal and professional integrity and ethics
Education and Experience Required:
B.S. in computer science, information systems, information security, engineering or related field.
At least 5 years of related experience
One or more industry-standard security certifications (such as CISSP, CISM, CISA, CRISC, CTPRP)
Title: Governance, Risk Management and Compliance Security Analyst
Location: North Carolina-Cary
Requisition ID: 20000641
Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law.