Cyber Security GRC Lead

About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power today’s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients — no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.

Summary:

This position supports the Governance, Risk and Compliance (GRC) management processes within the Xerox Cyber Security organization.

Primary Responsibilities:

• Support the development and maintenance of Cyber Security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices
• Participate in development of training curriculum, conduct security awareness campaigns and evaluate their effectiveness
• Review and revise security policy and standards at a regular cadence
• Conduct gap assessments and facilitate the management of compliance programs including ISO 27001, PCI, FedRAMP, SOC1, SOC2, etc.
• Carries out risk assessment within a defined functional or technical area of business.
• Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business.
• Applies standard procedures to enhance security or resilience to system interruptions.

Knowledge and Skills Required:

• Strong knowledge of and experience in security requirements, standards and practices including NIST CSF, NIST 800-53, ISO 27001, PCI DSS, SOC2, COBIT, GLBA, SOX, GDPR, OWASP Top 10, SANS Top 25, etc.
• Strong understanding of and/or prior experience in one or more of the following:
• Security Governance and Policy Management
• Risk Assessment, Treatment and Management
• Third-Party Risk Management
• Security Training and Awareness
• Security Compliance Management
• A broad understanding across security domains
• Prior experience in developing or implementing common controls framework would be a huge plus
• Ability to document, follow, execute and continually improve a detailed process
• Strong organizational and attention to detail skills
• Strong written and oral communication skills
• Experience working across multiple teams on projects
• Ability to communicate with all levels of management

Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity or expression, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. Learn more at www.xerox.com and explore our commitment to diversity and inclusion! People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox may request such accommodation(s) by sending an e-mail to [email protected]. Be sure to include your name, the job you are interested in, and the accommodation you are seeking.

© 2020 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries.