Xerox

Security Risk Analyst

  • Posted 20 hours ago

Job Description


About Xerox Holdings Corporation

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we've expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today's global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com.

A Security Risk Analyst is responsible for assessing information security risks in company environments, developing security controls to address the security risks, and working with IT and all business units on complying with the policies through awareness and engagement. This role is responsible for supporting the risk management process and security compliance requirements.

Job Responsibilities:

  • Support the third-party risk management program by performing vendor assessments, reassessments, critical supplier reviews, and ongoing monitoring.
  • Complete risk assessments based on the CIS 18 and NIST CSF frameworks; assist risk owners in creating risk treatment plans and follow up on deadlines; and assist with analyzing data and creating risk charts for senior management.
  • Regularly evaluate potential risks and formulate strategies to mitigate and reduce identified risks.
  • Work closely with various departments to communicate risk status and integrate risk management strategies into their operations.
  • Prepare comprehensive reports on risk assessment findings and action plans and present them to management and stakeholders.
  • Work independently on assigned tasks and projects with minimal management oversight and guidance.
  • Communicate with personnel and management at various levels across the organization and in other geographies.
  • Communicate results and project status effectively to management.
  • Strengthen security awareness by educating users on risk, security requirements, and processes.
  • Work in a team setting to understand and cross-train on governance and compliance activities.
  • Execute special projects, as assigned.

Job Requirements:

Competencies, Skills, Knowledge & Abilities:

  • Knowledge of IT Security Risk Frameworks, such as NIST Cybersecurity Framework and CIS 18.
  • Familiarity with security controls frameworks such as ISO 27001 and SOC 2, including best practices and cybersecurity principles.
  • Understanding of privacy control frameworks such as GDPR, DORA, NIS2, and EU Data Act.
  • IT background and knowledge of IT business systems.
  • Ability to own initiatives with minimal direct supervision.
  • Strong analytical and data analysis skills.
  • Demonstrates executive presence, effective communication, presentation, and interpersonal skills.
  • Ability to perform root cause analysis and make sound, timely decisions to resolve problems.
  • Capable of working across departments and communicating with end users.
  • Appropriately uses and protects confidential information acquired in the course of the job.
  • Quick to learn new concepts and information on a frequent basis.
  • Excellent organizational, documentation, and project management skills with attention to detail.
  • Proven ability to manage multiple priorities.
  • Knowledge of the OneTrust tool is a plus.

Education and Experience

Required

  • 3-5 years of experience in an IT, Cybersecurity Governance, Risk, or Compliance/Audit role
  • Bachelor's degree in Business, Risk Management, IT, MIS, Computer Science, or a similar technical field

Preferred

  • 6-10 years of relevant experience
  • CRMA, CISSP, CISA, CISM, CySA+ or similar professional certification

Job ID: 143967465