Security Compliance Analyst Lead

Security Compliance Analyst Lead JD

Our Security Team is comprised of professionals with a broad background in business Information Security assurance and delivery experience, supporting a range of DXC Technology Outsourced Clients and Industries.

This Compliance Analyst role works alongside a Financial Sector Customer and DXC Account SME's, Commercial Teams, and Third-Party Vendors. The role supports the Compliance Lead in the analysis of compliance to service contracted policy controls relevant to both DXC and its Third Parties.

Key responsibilities:

• Maintenance of the DXC DB Account Governance Framework documents.
• Assesses Policies for change and potential risk.
• Co-ordinating VSCM reviews and liaising with Third Parties to ensure compliance.
• Evaluates DXC and Third-Party evidence in support of Client Policies.
• Maintains relationships with SME's, Risk, Commercial and Client Teams.
• Guides and advises stakeholders to ensure smooth running of processes.
• Liaises with other Team members in support of objectives.
• Produces and updates governance procedures and reporting.
• Leads Internal, Third-Party and Customer facing meetings, as required.

Mandatory Skills must include:

• Internal Audit/Assessment experience, including Third-Party compliance.
• Able to determine effectiveness of policy controls (operational, management and technical) to identify gaps in compliance.
• Attention to detail and an analytical approach to document review.
• Effective document presentation skills to meet business needs.

Expected Skills:

• Strong communicator; can interpret controls into understandable guidance.
• Excellent command of English; written and verbal.
• Able to prioritize workload based on operational deadlines.
• Experience working with ISO 27001 and an ISMS in a large organisation.

Desired Skills include:

• Knowledge of Regulatory Compliance Controls.
• Proficiency with Microsoft (Outlook, Word, Excel, PPT. Teams, SharePoint)
• Experience with Third Party Policy flow-downs.
• Exposure to international Clients / Delivery Teams.

Education and Experience:

• Bachelor's Degree in any discipline.
• Typically 8 years or more experience with at least 5 years in the field of Information Security.
• Certifications must have: CISA or ISO 27001 Lead Auditor.
• Certifications desirable: CISSP or CISM.