Job Description As a lead member of the Control Assurance team reporting to the Information Security Control Assurance Testing Manager, you will conduct independent, comprehensive assessments of the management, operational, and technical security controls employed within processes or IT systems to determine the effectiveness of those controls.
You will ensure the quality and security of our cloud-based and on-premise applications through testing, automation, and collaboration with cross-functional teams.
You will work in an Agile environment and use JIRA and Kanban boards to manage tasks.
Responsibilities Design and deliver repeatable testing methodologies to support control assurance testing, including automated testing frameworks for cloud environments.
Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria.
Lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing, and reporting activities.
Provide quality assurance for control testing documentation produced during testing, ensuring accurate completion of all required control testing documentation.
Identify and document control deficiencies, including root causes, risk descriptions, issue ratings, and recommendations for improvement.
Create and present reports of control testing findings to partners, socializing any findings.
Be the primary contact with partners for the controls tests you lead, ensuring the quality of control testing engagements and stakeholder communications, including regular status updates.
Contribute to the efficiency of the control testing program by ensuring indicators are measurable, that testing materials are standardized, and stakeholder feedback is captured to facilitate improvement.
Identify test cases for control activities and develop automated testing scripts to enhance the testing process.
Ability to determine the protection needs of information systems, processes, and networks.
Qualifications 8+ years of experience working in Control Assurance or Risk environments.
Experience creating queries and reports using RSA Archer and ServiceNow.
Knowledge of security tools such as Sailpoint, Rapid7, Wiz.io , and MS Defender Knowledge of governance, risk, and controls principles.
Familiarity with cloud concepts and technologies, AWS and Azure Experience using generative AI such as Chat GPT to create test strategies, reports, and communications.
Familiarity with Kanban boards and Jira.
Familiarity with cybersecurity controls and security control frameworks such as ISO 27001, NIST, PCI, and HIPAA.
Understanding of current industry methods for evaluating controls, particularly in cloud environments.
Experience preparing plans and related correspondence.
Experience with control activities, identifying and writing/communicating findings and performing root cause analysis.
Proficient in preparing and presenting briefings.
Strong relationship management skills, demonstrating commitment to delivering quality results.
Experience utilizing feedback to improve processes and engagements.
Experience identifying systemic issues from analyzing testing data.
Competent in answering questions clearly and concisely, as well as asking clarifying questions.
Capable of communicating complex information, both verbally and in writing.
Ability to facilitate small group meetings and collect, verify, validate, and analyze test data.
Experience translating data and test results into evaluative conclusions.
Judicious in decision-making when controls are not well defined.
Proficiency in both automated and manual testing of information security controls.
Additional Information This is a permanent home-based role in Costa Rica.
No relocation available.
Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.
Experian is proud to be an Equal Opportunity and Affirmative Action employer.
Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success.
Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age.
If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
#LI-Remote