
Xerox

Security Compliance Auditor

  • Posted 20 hours ago

Job Description


About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we've expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today's global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com.

A Security Compliance Auditor is responsible for ensuring that policies, processes, and operations meet set standards and regulations for security and data protection. This role is responsible for assessing compliance in company environments, developing security controls to address the security risks, and working with IT and all business units on complying with the policies through awareness and engagement.

Job Responsibilities:

  • Complete internal audits for ongoing security and compliance requirements and contractual agreements, and evaluate the impact of changing regulations for ISO 27001, CMMC, FedRAMP and others.
  • Conduct and document interviews, document controls testing, and gather evidence from stakeholders at various levels in the company.
  • Evaluate the adequacy and effectiveness of security controls, and evaluate potential risks, risk management practices, and governance processes.
  • Identify control weaknesses, process inefficiencies, and compliance gaps, and formulate strategies to ensure compliance and mitigate risks.
  • Assist with coordination of external security audits for ISO 27001, SOC 2, and others.
  • Prepare clear, accurate audit reports and present findings and recommendations to management.
  • Track and validate management's corrective actions for previously reported audit issues.
  • Work independently on assigned tasks and projects with minimal management oversight and guidance.
  • Strengthen security awareness by educating users on risk, security requirements, and processes.
  • Work in a team setting to understand and cross-train on governance and risk activities.
  • Support special projects and advisory engagements, as assigned.

Job Requirements:

Competencies, Skills, Knowledge & Abilities:

  • Knowledge of security controls frameworks such as ISO 27001 and SOC 2, best practices and principles for cybersecurity
  • Knowledge of IT Security Risk Frameworks, such as NIST Cybersecurity Framework and CIS 18
  • Ability to thrive in team environments
  • Strong understanding of security controls and audit methodologies
  • IT background and knowledge of IT business systems
  • Ability to own initiatives with minimal direct supervision
  • Strong analytical and data analysis skills
  • Executive presence, and effective communication, presentation, and interpersonal skills
  • Ability to perform root cause analysis and make sound and timely decisions to resolve problems
  • Ability to work across different departments and communicate with end users
  • Appropriately use and protect confidential information acquired in the course of the job
  • Ability to learn new concepts and information on a frequent basis
  • Excellent organizational, documentation, and project management skills with attention to detail
  • Proven ability to manage multiple priorities
  • Knowledge of OneTrust tool is a plus

Education and Experience

Required

  • 3-5 years of experience in Compliance/Audit
  • Bachelor's degree in Information Systems, Risk Management, IT, MIS, Computer Science, or similar technical fields

Preferred

  • 6-10 years of relevant experience
  • ISO 27001 Lead Auditor, CISA, CISM, CIA, or similar professional certification

Job ID: 143967181