Xerox Cyber Security Risk Management Director in Raleigh, North Carolina
Purpose & Primary Responsibilities:
Highly skilled information security, cyber, technology, and risk management professional who applies that experience with sound judgment to deliver high-impact analysis and recommendations resulting in cyber risk reduction.
Lead the Cyber Risk Management Program to provide oversight, analysis, effective challenge, and risk-informed recommendations.
Provide and manage the completion of technical assessments of the effectiveness and design of cybersecurity controls. Report on the results at the asset/technical level, system, business process, organization and enterprise level.
Provide and manage the Third-Party Risk Management Program.
Provide and maintain the GRC Tool.
The Cyber Risk Management Director has corporate responsibility to direct and oversee all enterprise information security risk assessment, risk remediation, and third-party cyber risk management functions. This position reports to the CISO and has up to 10 direct reports.
Work closely with business and technology counterparts to understand enterprise objectives, initiatives, and cyber information security risk.
Prepare Risk scores and postures for senior management and other stakeholders, to include regulatory agencies and the Board of Directors / Audit Committee, as needed.
Manage a team of Risk Managers and analysts. Set vision and direction, manage performance and career development of the team.
Manage the Risk Manager and analysts to oversee the enterprise cyber information security risk management lifecycle including the completion of risk assessments, planning, treatment, tracking, and control.
Manage the Third-Party Cyber Risk Assessment manager and team to help drive cyber risk scoring of third-party suppliers and vendors.
Stay current on emerging cyber threats and risk management approaches.
Responsible for working with stakeholders and leaders across multiple organizations to perform cyber risk management responsibilities.
Make recommendations concerning risk factors, mitigation controls and remediation plans within our cyber security framework and with other global security peers in Cyber Security Operations, Governance and Compliance.
Candidate Education & Experience:
BS in Computer Science, Information Security, Information Systems, or a related field
5 years of professional experience in multiple IT security disciplines (e.g. compliance and risk management, vendor risk assessment/management, data privacy, data security/protection, security controls, business continuity management/disaster recovery, or leading and/or building information security risk management programs that comply with regulations)
3 years of hands-on experience using GRC, risk quantification and financial analysis tools and technologies.
3 years of experience leading and executing information security risk assessment activities for a large enterprise.
At least 3 years of professional experience managing two or more individuals
Desired Professional Qualifications:
One or more industry-standard security certifications (e.g. CRISC, CISSP, CISM, CISA, CGEIT)
Background in and understanding of audit, compliance or governance.
Background in developing, documenting, and maintaining security policies, processes, procedures and standards.
Techniques: IT audit risks, security risk assessment, assessing IT risk, designing IT controls, business process controls, general process controls
Standards: Knowledge of COBIT (http://www.isaca.org/COBIT/Pages/COBIT-5.aspx), ISO/IEC 27001, NIST framework, SANS, ITIL
Regulations: US Sarbanes-Oxley, GLBA, HIPAA/HITECH, privacy and EU Data Protection Directive
GRC applications and tools
Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox may request such accommodation(s) by sending an e-mail to XeroxStaffingAdminCenter@xerox.com. Be sure to include your name, the job you are interested in, and the accommodation you are seeking.
Title: Cyber Security Risk Management Director
Location: North Carolina-Raleigh
Requisition ID: 19003775