PCI Compliance Lead

Year    Kochi, Kerala, India

Job Description

About Xerox Holdings Corporation
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power today’s workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients, no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at www.xerox.com and explore our commitment to diversity and inclusion.


Purpose:
  • Responsible for planning and implementing risk management strategies, processes and programs. Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants.
  • The implementation of organization-wide processes and procedures for the management of operational risk.

  • The development of and execution of information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.

  • The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.

  • This role will specialize in a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.

Scope:

  • Autonomy:

  • Works under general supervision.

  • Uses discretion in identifying and resolving complex problems and assignments.

  • Specific instruction is usually given and work is reviewed at frequent milestones.

  • Determines when problems should be escalated to a higher level.

  • Influence:

  • Interacts with and influences department/project team members.

  • Frequent external contact with customers and suppliers.

  • In predictable and structured areas, may supervise others.

  • Decisions may impact work assigned to individual/phases of project.

  • Complexity:

  • Specialized range of work, of relatively less complexity and standard, in variety of environments.

General:

  • Uses best practices and knowledge of internal or external business issues to improve products or services

  • Acts as a resource for colleagues with less experience

  • Requires in-depth knowledge and experience

  • Decisions guided by policies, procedures and business plan

  • Generally domestic scope/accountability

Primary Responsibilities:

  • Carries out risk assessment within a defined functional or technical area of business.
  • Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business.
  • Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment.
  • Coordinates the development of countermeasures and contingency plans.


  • Applies standard procedures to enhance security or resilience to system interruptions. Can take immediate action in an incident to limit business impact and escalates event to higher authority.

  • Applies and maintains specific risk management controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems. Determines when issues should be escalated to a higher level. Demonstrates effective communication of risk management issues to business managers and others.

  • Maintains knowledge of specific technical specialisms, provides detailed advice regarding their application, executes specialized tasks. Implements and administers risk management technologies and process controls in a given specialism and conducts compliance tracking. The specialism can be any area of information or communication technology, technique, method, product or application area.

  • Specific Tasks:

  • Business Risk Management

  • Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business.

  • Refers to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment.

  • Co-ordinates response to quantified risks, which may involve acceptance, transfer, reduction or elimination. Assists with development of agreed countermeasures and contingency plans.

  • Monitors status of risks, and reports status and need for action to senior management.

  • Information Assurance

  • Applies procedures to assess security of information and infrastructure components. Identifies risks of unauthorized access, data loss, compromise of data integrity, or risk of business interruption.

  • Reviews compliance to information security policies and standards. Applies procedures to assess compliance of hardware and software configurations to policies, standards, legal and regulatory requirements.

  • Communicates information assurance issues effectively to users and operators of systems and networks.

  • Information Risk

  • Demonstrates effective communication of security issues to business managers and others.

  • Develops and maintains knowledge of the technical specialism by, for example, reading relevant literature, attending conferences and seminars, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies.

  • Maintains an awareness of current developments in the technical specialism.

  • Applies and maintains specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.

  • Determines when security issues should be escalated to a higher level.

  • Analyzes incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance. Assesses and reports the probable causes of incidents and consequences of existing problems and known defects.

  • Conducts security control reviews in well-defined areas.

  • Provides advice, both reactively and proactively, to those engaged in activities where the technical specialism is applicable, including those in areas such as budgetary and financial planning, litigation, legislation, and health and safety.

  • Identifies opportunities to apply the technical specialism within the employing organization and closely associated organizations, such as customers, suppliers and partners, and advises those responsible.

  • Carries out specific assignments related to the technical specialism, either alone or as part of a team.

  • Maintains knowledge of the technical specialism at a detailed level, and is responsible for own personal growth and technical proficiency.

Job Detail

  • Job Id
    JD3259658
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kochi, Kerala, India
  • Education
    Not mentioned
  • Experience
    Year