Security Risk Analyst | Hybrid
Lexmark is now a proud part of Xerox, bringing together two trusted names and decades of expertise into a bold and shared vision.
When you join us, you step into a technology ecosystem where your ideas, skills, and ambition can shape what comes next. Whether you’re just starting out or leading at the highest levels, this is a place to grow, stretch, and make real impact—across industries, countries, and careers.
From engineering and product to digital services and customer experience, you’ll help connect data, devices, and people in smarter, faster ways. This is meaningful, connected work—on a global stage, with the backing of a company built for the future, and a robust benefits package designed to support your growth, well-being, and life beyond work.
A Security Risk Analyst is responsible for assessing information security risks in company environments, developing security controls to address those risks, and working with IT and all business units on complying with the policies through awareness and engagement. This role is responsible for supporting the risk management process and security compliance requirements.
Job Responsibilities:
- Support the third-party risk management program by performing vendor assessments, reassessments, critical supplier reviews, and ongoing monitoring.
- Complete risk assessments based on CIS 18 and NIST CSF frameworks; assist risk owners in creating risk treatment plans and follow up on deadlines; assist with analyzing data and creating risk charts for senior management.
- Regularly evaluate potential risks and formulate strategies to mitigate and reduce identified risks.
- Work closely with various departments to communicate risk status and integrate risk management strategies into their operations.
- Prepare comprehensive reports on risk assessment findings and action plans and present them to management and stakeholders.
- Work independently on assigned tasks and projects with minimal management oversight and guidance.
- Communicate with personnel and management at various levels across the organization and in other geographies.
- Communicate results and project status effectively to management.
- Strengthen security awareness by educating users on risk, security requirements, and processes.
- Work in a team setting to understand and cross-train on governance and compliance activities.
- Execute special projects, as assigned.
Competencies, Skills, Knowledge & Abilities:
- Knowledge of IT Security Risk Frameworks, such as NIST Cybersecurity Framework and CIS 18.
- Familiarity with security controls frameworks such as ISO 27001 and SOC 2, including best practices and cybersecurity principles.
- Understanding of privacy control frameworks such as GDPR, DORA, NIS2, and the EU Data Act.
- IT background and knowledge of IT business systems.
- Ability to own initiatives with minimal direct supervision.
- Strong analytical and data analysis skills.
- Demonstrates executive presence, effective communication, presentation, and interpersonal skills.
- Ability to perform root cause analysis and make sound, timely decisions to resolve problems.
- Capable of working across departments and communicating with end users.
- Appropriately uses and protects confidential information acquired in the course of the job.
- Quick to learn new concepts and information on a frequent basis.
- Excellent organizational, documentation, and project management skills with attention to detail.
- Proven ability to manage multiple priorities.
- Knowledge of the OneTrust tool is a plus.
Education and Experience
Required
- 3-5 years of experience in an IT, Cybersecurity Governance, Risk, or Compliance/Audit role
- Bachelor’s degree in Business, Risk Management, IT, MIS, Computer Science, or similar technical field
- 6-10 years of relevant experience
- CRMA, CISSP, CISA, CISM, CySA+ or similar professional certification