Xerox Analyst II, IM Security in Kerala, India
Xerox Corporation (NYSE: XRX) is an $11 billion technology leader that innovates the way the world communicates, connects and works. Our expertise is more important than ever as customers of all sizes look to improve productivity, maximize profitability and increase satisfaction. We do this for small and mid-size businesses, large enterprises, governments, graphic communications providers, and for our partners who serve them. We understand what’s at the heart of work – and all of the forms it can take. We embrace the increasingly complex world of paper and digital. Office and mobile. Personal and social. Every day across the globe – in more than 160 countries – our technology, software and people successfully navigate those intersections. We automate, personalize, package, analyze and secure information to keep our customers moving at an accelerated pace.
The Application Security team is part of the Global Security Services organisation responsible for defining the security strategy aligned to the business directives and vision of the company.
The role reports to the Application Security team, which is responsible for security architecture, secure design and build, and monitoring and maintaining the robust configurations and secure baseline that underpin our layered defence.
The role will have increased focus on SAP and non-SAP ERP managed applications, which include but are not limited to on-premise and SaaS applications, and centrally supported systems covering business operations and entities across Xerox, and primarily in International Operations. The current SAP systems are implemented in over 20 countries in Europe and the Developing Market Operations countries that make up the International Operations region, and are used to deliver business operations, solutions, management reporting and legal accounts.
The role has responsibility for establishing, revising and maintaining general computer controls, platform security, access control and authentication protocols, communication security, and ensuring Xerox Information security and compliance policies are adhered to across the managed portfolio of systems. There is also a particular focus on the access controls and utilization of governance, risk and compliance tools, including SAP GRC, QRadar, and other threat detection and security management tools to ensure visibility, governance and compliance management.
Protect Xerox confidential data, Information Systems and Audit tools.
Monitor Third Party Service Provider to ensure compliance to agreed policies, processes and procedures for Security & Authorisation including Oracle Database Compliance. This may include attendance and participation at quarterly reviews.
Assist Country Financial Controllers with SAP and other ERP Applications Security and Authorisation processes to ensure they are adhered to for both Internal and External Audits.
Assist the approval process and development of Roles and Profiles to ensure compliance with agreed Security and Authorisation, and Change Management guidelines.
Responsible for ensuring SAP and other ERP Applications changes/new implementations/upgrades conform to all Security and Authorisation Standards, which include compliance to segregation of duties and to rules and restrictions for sensitive transactions.
Perform periodic reviews by monitoring Application and Database Security Logs and follow up on application security issues/vulnerabilities to ensure continuous compliance.
Support systems and platform security configurations review.
Review changes to Xerox IT Security and Compliance policies, and initiate / track compliance actions to completion.
Support maintenance of local Process Design Documents, policies and procedures.
Actively participate in the change Programmes to ensure solution design and implementation complies with internal and external requirements.
Provide periodic feedback to Application Security Manager/Director on key Security Metrics, Risks and Issues.
Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies.
Support the implementation of organization-wide processes and procedures for the management of security risk.
Play a key role in the development of and execution of information security risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
Pursue resolution of incidents and problems throughout the information system security lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.
Carries out application security risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Coordinates the development of countermeasures and contingency plans.
Applies standard procedures to enhance security or resilience to system interruptions. Can take immediate action in an incident to limit business impact and escalates event to higher authority.
Applies and maintains secure risk management controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems. Determines when issues should be escalated to a higher level.
Demonstrates effective communication of risk management issues to business managers and others.
Carries out specific assignments related to the technical specialism, either alone or as part of a team.
Graduation in a specialized field (for example, Bachelor of Engineering): Computer Science, Information Systems, or related field.
Preferred: Technical certifications such as SAP S&A and/or BASIS Security, CISSP are desired.
Minimum: Significant experience in Information Technology, which includes substantial experience in a risk management specialism.
Minimum: Understands and uses appropriate methods, tools and applications.
Minimum: Demonstrates analytical and systematic approach to problem solving.
Minimum: Takes initiative in identifying and negotiating appropriate development opportunities.
Minimum: Contributes fully to the work of teams.
Minimum: Can plan, schedule and monitor own work.
Minimum: Is able to absorb and apply new technical information.
Minimum: Is able to work to required standards and to understand and use the appropriate methods, tools and applications.
Minimum: Appreciates wider field of information systems, how own role relates to other roles and to the business.
Minimum: Has a basic business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity.
Minimum: Is able to obtain information from business people in face-to-face situations, and to analyze information on users' occupational tasks obtained by a variety of formal and informal means.
Minimum: Has an analytical and creative approach to problem solving.
Minimum: Is familiar with the principles and practices involved in development and maintenance and in service delivery.
Minimum: Has good technical understanding and the aptitude to remain up to date with IS security and developments.
Minimum: Possesses a general understanding of the business applications of IT.
Minimum: Is effective and persuasive in both written and oral communication.
Minimum: Demonstrates basic knowledge of information security principles.
Minimum: Has experience in moderate to large technology implementations and background as an administrator of IT systems, databases, or processes.
Additional Role Requirements:
Information Security Domain
Basic understanding of the following 10 security domains with technical expertise in at least one of the domain areas:
SAP ERP Security and General Application Security Knowledge
Access Control Systems and Methodology
Telecommunications and Network Security
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Computer Operations Security
One or more of the following industry certifications desired: CISSP, GSEC, CISA, GCIH, GCFA, GCFW, GCWN or other related certification.
Relevant industry standards awareness / governmental regulations awareness
Disaster Recovery Domain
Basic understanding of the following 10 Business Continuity domain areas with technical expertise in at least two of the domain areas:
Project Initiation and Management
Risk Evaluation and Control
Business Impact Analysis
Developing Business Continuity Strategies
Awareness and Training Programs
Exercising and Maintaining Business Continuity Plans
One of the following industry certifications desired: ABCP, CFCP or other related certification.
Relevant industry standards awareness / governmental program awareness.
Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. Learn more at https://www.xerox.com/ and explore our commitment to diversity and inclusion at https://www.xerox.com/en-us/jobs/diversity. People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox may request such accommodation(s) by sending an e-mail to XeroxStaffingAdminCenter@xerox.com. Be sure to include your name, the job you are interested in, and the accommodation you are seeking.
© 2019 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries.
Title: Analyst II, IM Security
Requisition ID: 19004739