Company Description

Lexmark, now a part of Xerox, specializes in cloud-enabled imaging and IoT technologies that deliver actionable insights to accelerate business transformation. Known for its innovation and deep industry expertise, Lexmark helps customers optimize workflows and turn data into meaningful decisions. The company is committed to driving impactful business outcomes worldwide.

Security Compliance Auditor

A Security Compliance Auditor is responsible for ensuring that policies, processes, and operations meet set standards and regulations for security and data protection. This role is responsible for assessing compliance in company environments, developing security controls to address security risks, and working with IT and all business units on complying with the policies through awareness and engagement.

Job Responsibilities:

- Complete internal audits for ongoing security and compliance requirements and contractual agreements, and evaluate the impact of changing regulations for ISO 27001, CMMC, FedRAMP and others.
- Conduct and document interviews, document controls testing, and gather evidence from stakeholders at various levels in the company.
- Evaluate the adequacy and effectiveness of security controls, potential risks, risk management practices, and governance processes.
- Identify control weaknesses, process inefficiencies, and compliance gaps, and formulate strategies to ensure compliance and mitigate risks.
- Assist with coordination of external security audits for ISO 27001, SOC 2, and others.
- Prepare clear, accurate audit reports and present findings and recommendations to management.
- Track and validate management's corrective actions for previously reported audit issues.
- Work independently on assigned tasks and projects with minimal management oversight and guidance.
- Strengthen security awareness by educating users on risk, security requirements, and processes.
- Work in a team setting to understand and cross-train on governance and risk activities.
- Support special projects and advisory engagements, as assigned.

Competencies, Skills, Knowledge & Abilities:

- Knowledge of security controls frameworks such as ISO 27001 and SOC 2, and of best practices and principles for cybersecurity
- Knowledge of IT security risk frameworks, such as the NIST Cybersecurity Framework and CIS 18
- Ability to thrive in team environments
- Strong understanding of security controls and audit methodologies
- IT background and knowledge of IT business systems
- Ability to own initiatives with minimal direct supervision
- Strong analytical and data analysis skills
- Executive presence, and effective communication, presentation, and interpersonal skills
- Ability to perform root cause analysis and make sound and timely decisions to resolve problems
- Ability to work across different departments and communicate with end users
- Appropriately use and protect confidential information acquired in the course of the job
- Ability to learn new concepts and information on a frequent basis
- Excellent organizational, documentation, and project management skills with attention to detail
- Proven ability to manage multiple priorities
- Knowledge of the OneTrust tool is a plus

Education and Experience

Required:

- 3-5 years of experience in Compliance/Audit
- Bachelor's degree in Information Systems, Risk Management, IT, MIS, Computer Science, or similar technical fields

Preferred:

- 6-10 years of relevant experience
- ISO 27001 Lead Auditor, CISA, CISM, CIA, or similar professional certification