Xerox IT Security Compliance Management in Germantown, Maryland

Xerox Corporation is a $22 billion leading global enterprise for business process and document management. Through its broad portfolio of technology and services, Xerox provides the essential back-office support that clears the way for clients to focus on what they do best: their real business. Headquartered in Norwalk, Conn., Xerox provides leading-edge document technology, services, software and genuine Xerox supplies for graphic communication and office printing environments of any size. Through ACS, A Xerox Company, which Xerox acquired in February 2010, Xerox also offers extensive business process outsourcing and IT outsourcing services, including data processing, HR benefits management, finance support, and customer relationship management services for commercial and government organizations worldwide. The 130,000 people of Xerox serve clients in more than 160 countries.

The Xerox State and Local Solutions Group, has an opening for an IT Security Compliance Management professional in its Germantown, MD Transportation Technology Center. This position is part of the Transportation, Central & Local Government team that is responsible for providing compliance services to state and local governments. The environment is fast paced and dynamic, requiring the ability to respond quickly to changing priorities across multiple projects. The successful candidate will have excellent verbal and written communication skills along with a demonstrated ability to meet schedules and multi-task.

Prior experience should include management and oversight of regulatory and internal requirements in key IT areas including PCI and third party service provider compliance (i.e., SSAE 16) for the Transportation, Central and Local Government sectors. This position requires broad exposure to various compliance frameworks and industry verticals, but requires deep expertise in Retail (PCI), Healthcare (HIPAA) and/or Financial Services (GLBA, SEC, etc.). Candidate should have experience in banking, technology, medical or pharmaceutical industries or come from a big four consulting firm.

POSITION DESCRIPTION: IT Security Compliance Management

Duties and Responsibilities:

  • Assisting with the design, implementation and management of the SOX 404, SSAE 16 and PCI audit processes for the customer solutions across Transportation State and Local Government.

  • Provide PCI/DSS expertise and guidance to project team.

  • Evaluate reports performed by PCI SSC approved security companies including PCI DSS Reports of Compliance (ROC), Approved Scanning Vendor (ASV) Scan Reports, and PCI PA-DSS Reports of Validation (ROV).

  • Document and present issues and findings to leadership and provide status reports for consistent findings and proposed solutions.

  • Work closely with team members to document current IT control environments for state and local government entities. Instruct team members in appropriate control rationalization and test evidencing techniques.

  • Document processes relating to Service Organization Controls (SOC) 1 and 2 control structure and sufficiency.

  • Provide guidance and support to clients in response to requests from external auditors, and provide guidance on internal control procedures to business process owners.

  • Plan, coordinate, lead and manage PCI DSS assessments and SSAE16 assessments for Transportation Technology Center (TTC).

  • Work closely with assessors to project manage the process from initiation to final report delivery.

  • Obtain quote from assessment firms, finalize approvals and scheduled assessments.

  • Ensure teams from development, IT and Operations are compliant and prepared for assessments.

  • Post-audit work with project and IT teams, drive remediation of findings.

  • Plan, schedule and coordinate internal and external penetration test. Track and drive remediation of penetration tests.

  • Coordinate certified PCI scans, ensure passing scan for each quarter, and drive remediation of scans.

  • Use JIRA to track and analyze security and audit issues across programs, looking for cross-project gaps, and opportunities for improvement.

  • Work closely with Information Security Manager in the implementation and use of enterprise security tools.

  • Identify and implement opportunities to streamline and automate security and other operational processes.

  • Contribute to metrics and the security team’s dashboard initiative.

  • Be integral part of team through ownership; follow thru and effective communication with peers/management.

Qualifications:

  • B.S. in Accounting Information Systems, Management Information Systems or Computer Science

  • 5 years of related experience within professional services, IT internal/external audit

  • Experience with responding to readiness assessments for regulatory and compliance requirements like PCI, SSAE 16, Privacy laws and others

  • Knowledge of and in-depth understanding of PCI DSS and PA DSSorknowledge of Sarbanes-Oxley, HIPAA, GLBA, FISMA, or FISCAM

  • Demonstrated ability to manage multiple assignments and deadlines

  • Advanced understanding of business processes, internal control risk management, IT controls and related standards

  • Demonstrates ability to plan and manage engagements along with ensuring deliverables meet work plan specifications and deadlines

  • Proficient in PowerPoint, Word, Excel; Experience with Visio and MS Project

  • Successful experience identifying and evaluating information technology controls

  • Demonstrated ability to write report segments and to participate in presentations

  • Excellent communication skills and significant attention to detail (both written and verbal)

  • Ability to work independently and effectively with all levels of staff and management both internally and externally

Desired:

  • CIPP, CRISC, CISA, CISSP or CISM certification

  • Knowledge of ISO standard such as ISO9001, ISO27001, and quality initiatives like Lean Six Sigma

  • Familiarity with workflow and collaboration tools such JIRA, SharePoint and Service Center

Xerox Business Services, LLC is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by Federal or State law or local ordinance. People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox Business Services, LLC may request such accommodation(s) by sending an e-mail to accommodations@xerox.com .

#A1

#A3

Job: IM Security

Organization: PS Transportation PDSI

Title: IT Security Compliance Management

Location: Maryland-Germantown

Requisition ID: 16029527

Virtual/work from home? No