Xerox Security Monitoring Analyst in Karnataka, India
Xerox is a global business services, technology and document management company helping organizations manage their business processes and information. Since the invention of xerography just over 75 years ago, we have continued engineering how the world works by applying our experience in imaging, business process, analytics, automation and human centric design to make a real difference for our customers and their customers. We have changed the way the world shops, learns, parks, does banking, receives healthcare and, of course – works.
Headquartered in Norwalk, Conn., Xerox has more than 140,000 employees and does business in more than 180 countries. Together, we provide business process services, printing equipment, hardware and software technology for managing information -- from data to documents. Learn more at www.xerox.com.
Purpose: • Responsible for planning and implementing risk management strategies, processes and programs. Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants. • The implementation of organization-wide processes and procedures for the management of operational risk. • The development of, execution of, and consulting on information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems. • The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. • This role will specialize on a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.
Scope: Specific: • Autonomy: • Works under general supervision. • Uses discretion in identifying and resolving complex problems and assignments. • Specific instruction is usually given and work is reviewed at frequent milestones. • Determines when problems should be escalated to a higher level. • Influence: • Interacts with department/project team members. • Frequent external contact with customers and suppliers. • Decisions may impact work assigned to individual/phases of project. • Complexity: • Specialized range of work, of relatively less complexity and standard, in variety of environments. General: • Builds knowledge of the organization, processes and customers • Requires knowledge and experience in own discipline; still acquiring higher level knowledge and skills • Receives a moderate level of guidance and direction • Moderate decision making authority guided by policies, procedures, and business operations protocol
Primary Responsibilities: • Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Coordinates the development of countermeasures and contingency plans. • Investigates suspected attacks and recommends remedial action or escalation. • Monitors actions to investigate and resolve incidents and problems in systems and services. • Assists with the implementation of agreed remedies and preventative measures. • Conducts security risk assessments for defined business applications or IT installations in defined areas and provides advice and guidance on the application and operation of elementary physical, procedural and technical controls (e.g. the key controls defined in BS7799). • Maintains knowledge of specific technical specialisms, provides detailed advice regarding their application, executes specialized tasks. Implements and administers risk management technologies and process controls in a given specialism, and conducts compliance tracking. The specialism can be any area of information or communication technology, technique, method, product or application area. • Specific Tasks: • Business Risk Management • Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business. • Refers to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment. • Co-ordinates response to quantified risks, which may involve acceptance, transfer, reduction or elimination. Assists with development of agreed countermeasures and contingency plans. • Monitors status of risks, and reports status and need for action to senior management. • Information Assurance • Assesses security of information and infrastructure components. Investigates and assesses risks of network attacks, data loss, compromise of data integrity, or risk of business interruption, and recommends remedial action. • Reviews compliance to information security policies and standards. Assesses configurations for adherence to legal and regulatory requirements. • Reviews security alerts, network usage logs, and other sources of incident information, to identify unacceptable usage, and breaches of privileges or corporate policy. Recommends appropriate action. • Communicates information assurance issues effectively to users and operators of systems and networks. • Risk Management • Initiates the implementation of agreed remedies, in close liaison with the help desk, configuration management and asset management functions. • Applies and maintains specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems. • Determines when security issues should be escalated to a higher level. • Provides information and advice, such as reporting on achievement of risk management metric targets. • Analyzes incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance. Assesses and reports the probable causes of incidents and consequences of existing problems and known defects. • Conducts security control reviews in well defined areas. • Develops and maintains knowledge of the technical specialism by, for example, reading relevant literature, attending conferences and seminars, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies. • Maintains an awareness of current developments in the technical specialism. • Identifies opportunities to apply the technical specialism within employing organization and closely associated organizations, such as customers, suppliers and partners, and advises those responsible. • Carries out specific assignments related to the technical specialism, either alone or as part of a team. • Maintains knowledge of the technical specialism at a detailed level, and is responsible for own personal growth and technical proficiency.
Candidate Education: Minimum Bachelor's Degree Computer Science, Information Systems, or related field.
Professional Certifications: Preferred Technical certifications such as CISSP, SANS GSEC, CIPP, FBCP are desired.
Candidate Background: Minimum Relevant experience in Information Technology. Minimum Experience or training in a risk management specialism desired. Minimum Understands and uses appropriate methods and tools and applications. Minimum Demonstrates analytical and systematic approach to problem solving. Minimum Contributes fully to the work of teams. Minimum Can plan, schedule and monitor own work. Minimum Is able to absorb and apply new technical information. Minimum Is able to work to required standards and to understand and use the appropriate methods, tools and applications. Minimum Show aptitude for learning about other areas of information technology and how they relate to risk management. Minimum Has a basic business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity. Minimum Is able to obtain information from business people in face to face situations, and to analyze information on users occupational tasks obtained by a variety of formal and informal means. Minimum Can solve common problems in area of expertise, and knows how to get answers outside of that area. Minimum Is familiar with the principles and practices involved in development and maintenance and in service delivery. Minimum Has good technical understanding and the aptitude to remain up to date with IS security and developments. Minimum Possesses a general understanding of the business applications of IT. Minimum Is proficient in both written and oral communication. Minimum Demonstrates basic knowledge of information security principles. Minimum Has experience or training as an administrator of IT systems, databases, or processes.
Additional Role Requirements: Information Security Domain Basic understanding of at least 5 out of the following 10 security domains: Access Control Systems and Methodology Telecommunications and Network Security Business Continuity Planning and Disaster Recovery Planning Security Management Practices Security Architecture and Models Law, Investigation, and Ethics Application and Systems Development Security Cryptography Computer Operations Security Physical Security One or more of the following industry certifications desired: CISSP, GSEC, CISA, GCIH, GCFA, GCFW, GCWN or other related certification. Disaster Recovery Domain Basic understanding of at least 5 out of the following 10 Business Continuity domain areas: Project Initiation and Management Risk Evaluation and Control Business Impact Analysis Developing Business Continuity Strategies Emergency Response and Operations Developing and Implementing Business Continuity Plans Awareness and Training Programs Exercising and Maintaining Business Continuity Plans Public Relations and Crisis Coordination Public Relations and Crisis Coordination Coordinating with External Agencies One of the following industry certifications desired: ABCP, CFCP or other related certification.
Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox may request such accommodation(s) by sending an e-mail to email@example.com. Be sure to include your name, the job you are interested in, and the accommodation you are seeking.
Job: IM Security
Organization: Xerox (XT)-X000000152
Title: Security Monitoring Analyst
Requisition ID: 16027049