Cybersecurity and Data Protection Specialist (DPO) - Xerox Espana, S.A.U.

Spain

Full Time Mid-level / Intermediate EUR 34K - 79K * ^est.

Xerox

View all jobs at Xerox

Apply now Apply later

Posted 2 days ago

General Information

Press space or enter keys to toggle section visibility

Country Spain Department IM SECURITY Date Monday, June 2, 2025 Working time Full-time Ref# 20035906 Job Level Individual Contributor Job Type Experienced Job Field IM SECURITY Seniority Level Associate

Description & Requirements

Press space or enter keys to toggle section visibility

About Xerox Holdings Corporation
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we’ve expanded into software and services to sustainably power the hybrid workplace of today and tomorrow. Today, Xerox is continuing its legacy of innovation to deliver client-centric and digitally-driven technology solutions and meet the needs of today’s global, distributed workforce. From the office to industrial environments, our differentiated business and technology offerings and financial services are essential workplace technology solutions that drive success for our clients. At Xerox, we make work, work. Learn more about us at www.xerox.com .
Purpose:
Responsible for planning and implementing risk management strategies, processes and programs. Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants.
The implementation of organization-wide processes and procedures for the management of operational risk.The development of and execution of information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.This role will specialize on a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.
Candidate must reside in Spain.
Primary Responsibilities:

Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as privacy, security architecture and environment. Coordinates the development of countermeasures and contingency plans.
Applies standard procedures to enhance security or resilience to system interruptions. Can take immediate action in an incident to limit business impact and escalates event to higher authority.
Applies and maintains specific risk management controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems. Determines when issues should be escalated to a higher level. Demonstrates effective communication of risk management issues to business managers and others.
Maintains knowledge of specific technical specialisms, provides detailed advice regarding their application, executes specialized tasks. Implements and administers risk management technologies and process controls in a given specialism, and conducts compliance tracking. The specialism can be any area of information or communication technology, technique, method, product or application area.

Business Risk Management:

Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business.
Refers to domain experts for guidance on specialized areas of risk, such as privacy, compliance, architecture, finance and environment.
Co-ordinates response to quantified risks, which may involve acceptance, transfer, reduction or elimination. Assists with development of agreed countermeasures and contingency plans.
Monitors status of risks, and reports status and need for action to senior management.

Information Assurance:

Applies procedures to assess security of information and infrastructure components. Identifies risks of unauthorized access, data loss, compromise of data integrity, or risk of business interruption.
Reviews compliance to information security policies and standards. Applies procedures to assess compliance of hardware and software configurations to policies, standards, legal and regulatory requirements.
Communicates information assurance issues effectively to users and operators of systems and networks

Information Risk:

Demonstrates effective communication of security issues to business managers and others.
Develops and maintains knowledge of the technical specialism by, for example, reading relevant literature, attending conferences and seminars, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies.
Maintains an awareness of current developments in the technical specialism.
Applies and maintains specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.
Determines when security issues should be escalated to a higher level.
Analyzes incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance. Assesses and reports the probable causes of incidents and consequences of existing problems and known defects.
Conducts security control reviews in well defined areas.
Provides advice, both reactively and pro-actively, to those engaged in activities where the technical specialism is applicable, including those in areas such as budgetary and financial planning, litigation, legislation, and health and safety.
Identifies opportunities to apply the technical specialism within employing organization and closely associated organizations, such as customers, suppliers and partners, and advises those responsible.
Carries out specific assignments related to the technical specialism, either alone or as part of a team.
Maintains knowledge of the technical specialism at a detailed level, and is responsible for own personal growth and technical proficiency.

Requirements:

Academic Background: Degree in Computer Science, Cybersecurity, IT Engineering, Telco, or a related field.
Language: Spanish and English fluent speaker – professional level.
Experience: Minimum of 3-5 years of experience in cybersecurity and data protection.
Proven experience managing SaaS products

Certifications:
At least one current professionally recognized security and privacy certification, examples include:

Certified Information Systems Security Professional (CISSP): Advanced certification that validates the ability to design, implement, and manage a cybersecurity program.
Certified Information Security Manager (CISM): Focused on information security management and IT governance.
Certified Data Protection Professional (CDPP): Specific to data protection and GDPR compliance.
Certified Information Privacy Manager (CIPM): privacy program administration to establish, maintain and manage a privacy program across all stages of its life cycle.

Required Skills: