Governance, Risk and Compliance Manager

Lexmark is now a proud part of Xerox, bringing together two trusted names and decades of expertise into a bold and shared vision.

When you join us, you step into a technology ecosystem where your ideas, skills, and ambition can shape what comes next. Whether you're just starting out or leading at the highest levels, this is a place to grow, stretch, and make real impact—across industries, countries, and careers.

From engineering and product to digital services and customer experience, you'll help connect data, devices, and people in smarter, faster ways. This is meaningful, connected work—on a global stage, with the backing of a company built for the future, and a robust benefits package designed to support your growth, well-being, and life beyond work.

JOB SUMMARY

We are looking for an experienced and strategic cybersecurity leader to shape and advance the organization's enterprise security program. This role will lead a dynamic team responsible for managing vulnerabilities, and driving governance, risk, and compliance (GRC) initiatives across the business.

As GRC Manager, you will play a critical role in strengthening the organization's security posture against evolving threats while ensuring alignment with regulatory standards and business objectives. This is a high-impact position that requires strong leadership, cross-functional collaboration, and the ability to translate complex security requirements and risks into actionable strategies.

WHAT YOU WILL BE DOING

Leadership & Strategy

• Develop and execute a comprehensive cybersecurity strategy aligned with business objectives, ensuring the confidentiality, integrity, and availability of information assets.

• Define and execute Lexmark's cybersecurity strategy across technologies and business units.

• Collaborate with senior leadership to align security initiatives with enterprise risk appetite and business goals.

Vulnerability Management

• Oversee the team responsible for end-to-end risk and vulnerability identification, assessment, and remediation across Lexmark's infrastructure and applications, ensuring alignment with enterprise security objectives.

• Establish prioritization protocols for vulnerabilities based on risk and business impact, ensuring timely resolution.

• Develop and maintain performance metrics and dashboards to monitor remediation progress and track risk reduction trends.

Governance, Risk & Compliance

• Develop and maintain enterprise-wide security policies, standards, and procedures aligned with frameworks such as NIST CSF, ISO 27001, and CIS Controls.

• Lead risk assessments to identify, evaluate, and prioritize cybersecurity risks across systems and business units.

• Design and implement risk mitigation strategies and ensure continuous risk monitoring and reporting.

• Oversee internal and external audit readiness and ensure compliance with regulatory requirements (e.g., SOC 2, HIPAA, GDPR).

• Promote compliance awareness and drive engagement across departments through training and communication.

• Respond to customer security inquiries and manage third-party risk evaluations.

• Develop and lead a comprehensive cybersecurity awareness program to foster a culture of security vigilance.

• Assess and manage the cybersecurity posture of third-party vendors and partners.

MUST-HAVE QUALIFICATIONS, SKILLS, EXPERIENCE

• Experience in vulnerability management, cloud security, and information security.

• Strong knowledge of security frameworks (NIST, ISO, CIS), regulatory requirements, and risk management practices.

• Proficient in preparation of reports, dashboards, and documentation.

• Experience leveraging technology to automate and improve processes.

• Ability to handle high pressure situations with key stakeholders.

EDUCATION AND CERTIFICATIONS BASIC REQUIREMENTS

• Bachelor's degree in computer science, Information Technology, or a related field. Master's degree is a plus.

• Desired: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other relevant certifications.