Cary, North Carolina, USA
Director, Risk & IT Compliance
General Information
City: Cary
State/Province: North Carolina
Country: United States
Department: Information Management
Date: Tuesday, September 24, 2024
Working time: Full-time
Ref#: 20034134
Job Level: Department Leader
Job Type: Experienced
Job Field: Information Management
Seniority Level: Director
Currency: USD - United States - US
Annual Base Salary Minimum: 135,300
Annual Base Salary Maximum: 270,600
The salary range above represents the low and high end in the local currency of Xerox’s salary range for this position and is reflected in an annualized amount. Actual salaries will vary based on factors including, but not limited to, geographic location, market competition, and/or the successful applicant’s education, experience, knowledge, skills, and abilities. The range listed is just one component of Xerox’s total compensation package for employees. Employees are also afforded a comprehensive suite of benefits; to view those details, please visit Xerox Careers for your applicable country. If you are not reviewing this job posting on Xerox Careers, we cannot guarantee the validity of this posting. For a list of our current internal postings, please visit Xerox Careers.
Monthly: Monthly rates for this position can be shared with you per your location; this rate will fall within the posted range.
Description & Requirements
About Xerox Holdings Corporation
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power today’s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients — no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.
The Role
The focus of this role is global IT compliance, risk, and audit. Xerox’s goal is to apply global IT industry best practices, giving the business new insight into global data, business risk, compliance, and information security. Xerox provides and delivers products and services and hosts consumer data directly, so exposure to potential threats is high and adherence to global regulatory mandates is essential. This position will assess and remedy the effectiveness of internal IT controls, including those resulting from Sarbanes-Oxley (SOX), and shall work closely with internal and external audit teams, internal controls, the IT department, steering committees, accountants, and other key stakeholders to ensure strict compliance with the relevant sections of the Sarbanes-Oxley Act of 2002.
Position Description
From a global and enterprise-wide perspective, will support development and oversight of IT SOX-related policies and procedures for the general operations and its related activities.
Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues and provides general guidance on how to avoid or deal with similar situations in the future.
Maintains an effective Global compliance communication program for the IT organization, including promoting (a) use of the Compliance reporting; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related regulations, policies, and procedures.
Monitors the performance of the Global IT SOX Compliance Program and related activities on a continuing basis, taking appropriate steps to improve its effectiveness.
Supports IT activities associated with the annual SOX testing and management of internal and external audit findings, through issue closure.
Partner with IT Senior Leadership, internal company audit staff and external auditors to analyze, evaluate, prioritize, and implement necessary technologies or technology-related process improvements and modifications (may include manual controls and implementation of automation).
Supervise both employees and third-party contractors and companies. Must be capable of working within a matrixed environment, interfacing with both internal and external professionals at all levels of management. Reports directly to the CIO.
Team responsibility: 5 Direct and 10 indirect reports

Typical Tasks
IT Compliance 
Manage IT Compliance Team, responsible for:
IT compliance control monitoring and testing activities to determine effectiveness of the controls and ensure deficiencies are remediated
IT compliance issue management tracking and resolution process to remediate, according to severity and potential impact to the organization
Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements
Monitor third-party adherence to IT compliance requirements and address instances of noncompliance, including obtaining proof of required industry-standard certification or report (e.g., ISO, Service Organization Control Reports [SOCR], PCI, GDPR, CCPA, DSS)
Collaborate and integrate with other compliance and risk management functions across the enterprise: Internal Audit, Internal Controls, Enterprise Risk Management, Legal & Corporate Compliance and CISO Organization
Function as a liaison to coordinate activities in support of audits and regulatory compliance evaluations including remediation reporting and monitoring
Assess any related external frameworks or standards (e.g.: ITIL, COBIT, NIST, ISO) or internal standards (e.g.: code of conduct and use) to determine applicability and define the relevant IT compliance requirements
Lead project teams in the development of functional and technical requirements to automate risk and compliance initiatives.
IT Risk Management
Manage the risk-related activities across the IT organization, including testing, reporting and recommending appropriate remediation measures.
Manage alignment of enterprise business risks with the IT risks based on the IT infrastructure that supports the business processes
Design, conduct, and review risk assessments to analyze the design and effectiveness of IT control activities
Manage the reporting of IT risk assessment results with actionable recommendations
Oversight and monitoring of IT risk mitigation and coordination of policy and controls with the Xerox IT leadership team, to ensure that effective processes and controls are being designed and implemented, inclusive of representing the current IT and business environment
Create, disseminate and (as required) update documentation of the company’s identified IT risks and controls
IT Risk Governance 
Coordinate IT risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations
Facilitate the creation, modification, and communication / socialization of all IT policies and standards
Assist to define and monitor IT risk and compliance training programs
Track and report on metrics and activities involving IT risk, security and compliance activities, inclusive of monitoring KRIs and KPIs
Assist with the creation of Board and Risk Committee presentations, including providing periodic updates to the Board and Risk Committee

Technical Skills 
The Director, IT Risk & Compliance acts as subject matter expert and leader that works directly with the IT Senior leadership team and Xerox Management Audit Committee. The role will monitor and report results of the compliance/ethics efforts of the company and provide guidance for the senior management team on matters relating to SOX compliance. Together with the Xerox Management Audit Committee, implements necessary actions to ensure achievement of the objectives of an effective IT compliance program.
Understands the industry, organization and business strategy.
Communicates effectively with key stakeholders across the organization (e.g., IT, CISO, XIA), including conveying IT risk management and compliance concepts in a manner that can be understood by non-risk professionals.
Collaborates effectively with key stakeholders to facilitate decision-making and address identified third-party information risks.
Analyzes and presents complex data or information in a clear, concise and effective manner.
Fosters strong internal and external relationships, including with business stakeholders.
Leverages multi-disciplinary resources to efficiently and effectively solve problems.
Demonstrates strong project and issue management capabilities, including assigning clear accountability and ownership for completing tasks or resolving issues.
Operates with minimal supervision in a complex environment toward predetermined long-range targets
Determines and pursues courses of action to obtain desired results
Recognized as an expert in the field internally and externally
Champions large projects

Qualifications
BS / MS in relevant field
10+ years experience, with at least 5 years management experience in relevant field
Must have prior experience in an IT Risk Management, Audit and/or compliance role
Knowledge of SOX IT General Controls, ISO/IEC 27001, ITIL, COBIT, and NIST
Understanding of relevant legal, regulatory and privacy requirements
Data privacy and third-party risk management experience a plus
Effective organizational, time management and interpersonal skills
Analytical mindset with creative and innovative problem-solving skills
Ability to adapt to change and embrace ambiguity
Location: This role can be based in our Cary, NC office or Virtual (in the United States)