Job expirat
Duties and Responsibilities:
The Security Controller role will perform the on-going management of policies, procedures, and technical controls in order to maintain the confidentiality, integrity and availability of information systems.
In addition to the operational role, the Security Controller will be involved with business audits and projects, both IT and non IT, in sales activities working with the sales team, and in the design of solutions to deliver business services securely to the customer.
Security activities will include identifying security requirements for complex applications, developing solution options with the software and infrastructure teams, and ensuring that the design of security solutions incorporates corporate policy and EU regulation.
The role requires a mature rather than technical approach to security, with the ability to translate security best practice, legislation and technology into the everyday business process.
The Security Controller will:
• Manage information security risk in the organisation
• Define, design, execute and optimise security controls
• Facilitate internal and external security audits
• Provide expert advice to other departments both business and technology
• Liaise with customers to deliver security solutions
• Be the first point of contact for security incidents
• Ensure compliance with Xerox Security Standards
• Ensure Disaster Recovery and Business Continuity preparedness
• A relevant degree, 2-3 years’ experience in an IT Security role
• Excellent written and verbal communication skills in English.
• Relevant and current knowledge of security issues, approaches and standards (e.g. ISO27001, ISO17799, SAS70/SSAE16, Sarbanes Oxley is highly desirable)
• Knowledge of infrastructure and application security requirements and ability.
• In depth knowledge of common application platforms, security technologies and of the application of formal methodologies and frameworks such as COBIT, ITIL or OWASP.
• Clear understanding of security methodologies, EU regulation and requirements, best practice and industry standards, and ability maintain and further develop procedure.
• Understanding of security concepts and requirements in the web security space and also experience of the practical implementation of such controls into the live environment.
• Experience in review and advising on full life cycle of architecture development projects from plans, proposals, and designs to implementation.
• Technical experience of working within a system administration, or similar role in multi-vendor environments is advantageous.
Preferred skills:
• Prior experience in designing and delivering cloud computing based solutions covering public/private clouds
• Relevant security certification such as CompTIA Security+, CISA, CISM or CISSP.
With sales approaching $23 billion, Xerox (NYSE: XRX) is the world’s leading enterprise for business process and document management. Its technology, expertise and services enable workplaces – from small businesses to large global enterprises – to simplify the way work gets done so they operate more effectively and focus more on what matters most: their real business. Headquartered in Norwalk, Conn., Xerox offers business process outsourcing and IT outsourcing services, including data processing, healthcare solutions, HR benefits management, finance support, transportation solutions, and customer relationship management services for commercial and government organizations worldwide. The company also provides extensive leading-edge document technology, services, software and genuine Xerox supplies for graphic communication and office printing environments of any size. The 140,000 people of Xerox serve clients in more than 160 countries.
