Europe-GB-Security-ID793-Audit, Risk and Compliance officer-JL09

Worldwide Salaried Open

Job Description:

Key Responsibilities

  • The position supports the Security Delivery Lead (SDL) for all aspects of information security delivery and audit compliance.
  • Support the implementation of account security policies and standards; write and maintain account security-related procedures and work instructions.
  • Support security assessments and vulnerability scans by analyzing data and generating reports and action items for the DXC Delivery team.
  • Support DXC- and client-initiated business and security audits, engaging DXC Delivery teams to gather and report supporting audit evidence; this includes, but is not limited to, SOC1 and LAW 262.
  • Perform internal security audits on DXC services within the account and report findings.
  • Perform security Service Level Agreement (SLA) data gathering, analysis and reporting, including, but not limited to, major security incidents, server and EUC security patching, AV and security training.
  • Collaborate with the DXC Delivery and Security team on documentation and process improvements.
  • Participate in security and service incident response activities and assist with investigations as required.
  • Oversee the Joiners-Movers-Leavers (JML) activity in support of account onboarding and offboarding. Approve and monitor security clearances within the DXC account team.
  • Represent the SDL, as required, at Operational Service Reviews and Change Management Boards.
  • Deliver account security awareness training and manage and perform relevant export control briefings for DXC account personnel; track evidence of completion and reporting as required.

Mandatory Skills

  • Experience with interpreting and applying appropriate Standards, Policies and Legislation (e.g. ISO27001, DPA, GDPR, NIST etc.), confirmed by respective certifications or relevant experience.
  • Experience with interpreting and applying appropriate UK HMG, NCSC etc. security policies and standards at all levels of classification.
  • Working knowledge of Cyber Essentials and Cyber Essentials Plus requirement implementation and testing.
  • Ability to work effectively with all levels of DXC and client security and service delivery personnel.
  • Good interpersonal, communication and analytical skills and a customer-centric focus.
  • Demonstrated ability to take accountability and to work autonomously.

Expected Skills

  • Industry-recognized security qualification(s), for example ISACA Certified Information Security Auditor (CISA), ISACA Certified Information Security Manager (CISM), ISO 27001 Implementation/Lead Auditor or ISC2 Certified Information Systems Security Professional (CISSP).
  • 5+ years of professional IT experience (with at least 4 years of professional experience in positions related to the security domain – GRC (Governance, Risk and Compliance), audit management and process management are preferred).
  • Experience developing and implementing enterprise risk management methodologies/techniques. Experience implementing risk analysis outputs into Information Security processes.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor does it ask a job seeker to purchase IT or other equipment on its behalf. More information on employment scams is available here.

Originally posted on Himalayas
