DXC Technology
- Mainly responsible for vulnerability scanning and remediation, policy compliance, SIEM compliance and penetration test results remediation.
- Identifying responsible teams and ensuring timely follow-up on company actions, as required by contract.
- Understanding customer security requirements, as presented in documentation: Understand security requirements documented in technical documentation, contract document, etc.
- Understanding customer security needs. Be aware and up to date with company portfolio of services.
- Monitoring / Security Reporting: Prepare and / or analyze security reports, consolidate security reporting data coming from various sources.
- Review security requirements prepared for new project implementation, provide consultation / advice for security requirements specific to the account environment.
- Coordinating security programs and initiatives.
- Fill in gap analysis documentation, coordinate self-assessment documentation and checklists, coordinate and facilitate the assessment process, as described in customer / company policies.
- Maintaining Risk Register. Manage entire Risk process. Escalating non-compliance to Security risk management process to Lead Security Officer and / or Account management. Ensuring Security risk management documentation is up to date.
- Participating and/or leading security risk monitoring and review.
- Identifying, rating and escalating risks: Contributing to risk assessment in the respective areas of expertise. Ensure risk acceptance / approval levels are followed.
- Coordinating collection of audit evidence and collaboration between teams, requested in company internal or external audits.
- Audit management back office activities: creation and maintenance of audit items, action items and follow-up on auditees' timely responses.
- Coordinating and following-up on audit remediation activities. Provide feedback to audit documentation and maintain findings status up to date.
- Coordinating remediation activities for both custom and shared delivery teams.
- Perform policy analysis: analyze statements in company and customer policies and identify deviations.
- Conducting security training for internal company teams, as specified in customer / contractual requirements. If defined in scope of services, contribute to development of training materials. Prepare reporting and analysis for conducted trainings.
- Contributing to development / implementation of security incident management process to the extent possible in the transition environment.
- Maintain security risk register and contribute to the security risk management implementation within the account. Transfer gaps / risks identified during transition / transformation into security risk management process.