
Professional Security Compliance Orchestration

  • New Orleans (Jefferson Parish)

Job description



Business Environment:

DXC is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology is a $25 billion company with a 60-year legacy of delivering results for thousands of clients in more than 70 countries. Our technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions.

Objectives:

The Security Compliance Orchestration (SCO) is responsible for tracking and reporting security compliance and risk metrics for in-scope DXC Security services delivered to an account. The SCO partners with the DXC Risk and Compliance Manager to facilitate the delivery of security compliance metrics and reporting to various audiences within DXC and the clients that are supported. The SCO is the focal point for assessment, audit and compliance activities. Understanding the contractual compliance obligations and DXC’s expected minimum controls, and how they relate to the compliance deliverables, will be components of the reporting. Drawing on in-depth security compliance knowledge across multiple industries, taxonomies and delivery models, the SCO will drive the development of new features and functionality, as necessary, to improve quality compliance coverage, standard reporting and automation.

Primary Responsibilities:

·  Manage and report compliance related information to respective parties
·  Partner with Risk and Compliance Manager to ensure communication of quality compliance and risk reporting
·  Support delivery excellence in Security operations (to proactively avoid non-compliance/contractual penalties).
·  Manage Security Risk and Exception to control standards using GRC tools
·  Ensure knowledge and implementation of security fundamentals, policies and standards (regulatory and contractual) are conveyed to respective delivery areas.
·  Maintain a professional, respectful, honest, and strong presence across the ecosystems

Additional Responsibility per Area:

Quality Assurance Area

·  Ensures quality delivery of audit and assessment artifacts. Will be responsible for understanding all the controls and artifacts associated with an account’s third-party audits and assessments.
·  Contribute to, and improve, the operations of the Security Compliance, Risk and Audit Management programs
·  Maintain a strong understanding of security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
·  Ensure the necessary compliance and risk frameworks are appropriately executed and operating effectively across the respective risk and industry taxonomies and communicate awareness campaigns
·  Risk and Compliance Manager backup as necessary when manager is unavailable

Compliance Area

·  Prepare Compliance Monthly Reports and presentation materials, reporting on compliance processes, metrics and trends through account established reporting mechanisms for various audiences
·  Strong understanding of software technology and tools
·  Review the effectiveness of compliance tools, and drive the development of new features and functionality as necessary in order to improve compliance coverage, standard reporting and automation.
·  Owns and maintains the Security Risk and Compliance register framework including findings and other security related documentation artifacts
·  Will be responsible for understanding all the security controls associated with an account and will structure activities to collect, record and report the state of compliance
·  Works closely with the Risk and Compliance Manager and the Security Delivery Manager to identify, evaluate, monitor and report operational business risks
·  Works with infrastructure teams to carry out a vulnerability management program
·  Works with respective account and delivery teams to complete an effective access review process
·  Validate, support, and improve the compliance and application development programs, the static and dynamic scanning infrastructure
·  Understand contractual requirements as they pertain to security and privacy, not just security services provided
·  Work with Q/A and remediation teams to improve data quality, call out systemic issues discovered, and convey them to respective leadership areas and delivery
·  Escalate issues, as needed, to appropriate leadership

Remediation Area

·  Coordinates and assists with prioritization of remediation efforts resulting from non-compliant areas identified either through scans, audits or compliance tools
·  Maintain an appropriate communication and remediation plan with delivery area and key stakeholders to inform them with details of compliance remediation activities.
·  Negotiate and influence appropriate resolution of non-compliant issues directly with delivery areas and internal stakeholders. 
·  Ability to escalate issues to appropriate leadership
·  Work with Risk and Compliance Manager to understand business impact associated with risks identified

Minimum Qualifications:

Education and Experience Required:

·  Bachelor’s or master’s degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)
·  Excellent and effective communication skills
·  Strong analytical and problem solving skills required; attention to detail.
·  Ability to work efficiently and independently in a fast-paced, high-volume environment
·  Ability to work effectively in diverse, multi-national and virtual environments to work collaboratively to solve problems and actively incorporate input from various sources
·  Self-motivated, tenacious and action oriented
·  Exude confidence, sound judgment and integrity
·  Strong organizational and productivity skills, ability to effectively manage multiple, competing projects while achieving targeted results
·  Prioritization and time management skills
·  Fluent in English

Preferred knowledge, skills and abilities

·  Multilingual skills a plus

Additional Qualification per Area:

Quality Assurance Area

Education and Experience Required:

·  At least 3 years’ experience working in a risk management, audit or security governance role
·  Proven experience in audit and compliance programs and regulations

Preferred knowledge, skills and abilities

·  Relevant industry certifications (CISSP, CISM, CISA or CRISC) a plus
·  Proficiency and experience in the execution of dynamic control frameworks and regulatory standards, to include but not limited to, ISO, COBIT, NIST, HIPAA, GCP, GLP, GMP, (GxP), PCI, HITRUST, and other relevant industry regulations, standards, and guidelines
·  Cloud security framework

Compliance Area

Education and Experience Required:

·  Demonstrated experience in compliance reporting, security compliance assessment, risk analysis and corrective action planning.
·  Basic knowledge of Security Analysis (manual and leveraging automated compliance and/or scanning tools).

Preferred knowledge, skills and abilities

·  Programming and scripting experience

About DXC Technology

Thanks for taking the time to review our job. If you think it is a match to your experience and interests, please apply today. We are eager to learn more about you! If you know a friend who may be a fit for the job, please refer them.

Please note the above statements describe the general nature and level of work only. They are not a complete list of all required responsibilities, duties and skills. Other duties may be added, or this description amended at any time.

Please Note

In order to satisfy our contractual obligations with clients, the successful candidate will be required to pass a basic, standard Criminal Records check. You will also be required to sign off on DXC’s Confidentiality, Non-Solicitation and Conflict of Interest Agreement.

DXC is an equal opportunity employer. We welcome the many dimensions of diversity.

Accommodation of special needs for qualified candidates may be considered within the framework of the DXC Accommodation Policy.
