Job Description

For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we\'ve expanded into software and services to sustainably power today\'s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients - no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at and explore our

Purpose:

• Responsible for planning and implementing risk management strategies, processes and programs. Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants.
• The implementation and Performance of IT audit work and management testing.

• The independent, third-party assessment of the conformity of any activities, processes, deliverables, and product or service with the criteria of specified standards, such as BS7799/ISO 27001, COBIT, COSO, local standards, best practice or other documented requirements.

• Assessment may relate to, for example, information security, general computer controls, asset management, network security tools, firewalls and Internet security, real-time systems and application design and development.

• This role will specialize on specific IT audit conformity such as IT General Computer Control audit for Sarbanes Oxley 404 compliance or information security inspection and Audit

Scope:
Specific:

• Autonomy:

• Works under general supervision.

• Uses discretion in identifying and resolving complex problems and assignments.

• Receives specific assignments in the form of scope and work is reviewed at frequent milestones.

• Determines when problems should be escalated to a higher level.

• Influence:

• Interacts with and influences department/project team members.

• Frequent external contact with customers and suppliers.

• In predictable and structured areas, may supervise others.

• Decisions may impact work assigned to individual/phases of project.

• Develops high-level relationships with customers, suppliers and value chain partners.

• Complexity:

• Specialized range of work, of relatively less complexity and standard, in variety of environments.

General:

• Uses best practices and knowledge of internal or external business issues to improve products or services

• Acts as a resource for colleagues with less experience

• Requires in-depth knowledge and experience

• Decisions guided by policies, procedures and business plan

• Generally domestic scope/accountability

Primary Responsibilities:

• Evaluates and independently appraises the IT general computer and information security control of automated business and IT processes, based on investigation of evidence and assessments undertaken by self. Ensures that independent appraisals follow agreed procedure. Evaluate and recommend on ways of improving the effectiveness and efficiency of their control mechanisms.

• Specifically:

• Evaluates and independently appraises the general computer, information security and internal controls and operation of automated business processes, preparing programs of tests to determine the conformity with applicable standards.

• Evaluates the results against specified objectives.

• Reviews codes, documents and tests of IT programs to meet given specifications.

• By analysis of collected information, identifies control weaknesses in processes or areas, and prepares formal reports commenting on the conformity found to exist in the audited part of an IT environment.

• Reports audit findings and recommendations for improvement in the effectiveness and efficiency of control of aspects of the total IT environment, and reviews with line management.

• Applies statistically valid sampling techniques against relevant populations to meet audit objectives

• Compliance activity can include regulatory (i.e. Sarbanes-Oxley 404), industry standards for IT risk and security management (COBIT, ISO 27001), and company wide information security policies.

Share this job:

Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity or expression, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. Learn more at and explore our commitment to diversity and inclusion! People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox may request such accommodation(s) by sending an e-mail to talentacquisitionsupport@xerox.com. Be sure to include your name, the job you are interested in, and the accommodation you are seeking.

\xc2\xa9 2023 Xerox Corporation. All rights reserved. Xerox\xc2\xae and Xerox and Design\xc2\xae are trademarks of Xerox Corporation in the United States and/or other countries.

Xerox