Company Description
Experian is the world's leading global information services company. During life's big moments - from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers - we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we're investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
**Job Description**:
Come join Experian as a senior team member of the Control Assurance Testing Team.
The Controls Assurance Testing Teams report into the Global Security Office. We are the second line of defense (2LOD), sitting between the first line (1LOD, the Control Owners) and the third line (3LOD, Audit). We help the control owners evaluate whether the security controls are working as intended, make recommendations for remediation, and report on our assessments.
**Some of your responsibilities will include**:
- Leading control testing teams or collaborating within the team to perform design and operating effectiveness testing of information security controls from planning, kickoff, fieldwork, testing through reporting activities.
- Providing peer review of control testing documentation and, for tests you lead, reviewing the quality of the work for accuracy and timely completion.
- Identifying and documenting control deficiencies including root causes, risk descriptions, consistent issue ratings and recommendations for improvement.
- Creating and presenting reports and control testing findings to the testing stakeholders, including the socialization of any findings.
- Serving as the primary contact with business stakeholders for the control tests that you lead, and being responsible for the quality of control testing engagements and for stakeholder communications, including regular status updates.
- Contributing to the efficiency of the control testing program, by ensuring KPIs are measurable, that testing materials are standardized, and stakeholder feedback is captured, to facilitate continual improvement.
**Qualifications**:
You need to know:
- Cybersecurity principles and organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
- Governance, risk, and controls principles
You need to have:
- Effective collaboration and people skills.
- Experience in performing impact, risk, or control assurance assessments, preparing plans and related correspondence, and conducting reviews of systems, performing root cause analysis, managing expectations, and demonstrating commitment to delivering quality results.
- Adept verbal and written communication skills.
- Answer questions in a clear and concise manner.
- Ask clarifying questions.
- Facilitate small group meetings.
- Collect, verify, validate, and analyze test data.
- Translate data and test results into evaluative conclusions.
- Exercise judgement when controls are not well defined.
- Complete internal security assessments that include planning, execution, and reporting for the engagement.
- Determine the protection needs of information systems, processes, and networks.
We are looking for someone with:
- A bachelor's degree in computer science, management information systems, or relevant field or equivalent demonstrable experience.
- 3+ years' experience performing IT Audit or Information Security control assessments.
- 5 - 7 years of experience in Information Security, Information Technology, and / or IT Audit.
It would be fantastic if you have:
- A CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or comparable certifications
- In-depth understanding of information security, risk management and Experian's systems and environment
- Extensive knowledge of information technology-related frameworks, such as the International Organization for Standardization (ISO) 27001 series, the NIST series, the Information Technology Infrastructure Library (ITIL), and Control Objectives for Information and Related Technologies (COBIT)
- An understanding of privacy-related regulations, such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), and regional breach notification laws
- Basic knowledge of vertical-specific frameworks and regulations, e.g., HIPAA, and PCI
- Knowledge of Risk analysis, assessment, treatment, and management methodologies
- Experience with issue management, risk ratings and remediation of risks
- Ability to determine, locate, and document any business unit-specific requirements that may exist due to geography, region, data, vertical, etc.
- Experience with Mergers and Acquisitions
- Preferred certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manag