**Company Description**
Experian is the world's leading global information services company. During life's big moments - from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers - we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.
We have 20,000 people operating across 44 countries and every day we're investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.
**Key Responsibilities**
- Conduct and prioritize project security assessments (PSA) for new enterprise development and significant changes, and facilitate the continual submission, review, and decisions related to business unit-critical issues and exceptions to any security control.
- Coordinate and maintain strong understanding of all BU information security risks. Anticipate the needs for risk assessment, review, and adjustment or escalation of risk rating, as well as any other demands within the risk lifecycle.
- Foster trusted executive relationships while dealing with members of the BU's management team. Participate in project planning process to ensure that appropriate levels of security oversight exist.
- Assess, consult, and collaborate as needed to link security with business unit goals and initiatives.
- Advocate for the BU by sharing its specific threats, requirements, and insights with the EGSO Leadership, other SPs, and members of the Information Technology (EITS) and security organization, to ensure a business unit-specific perspective exists. In addition, supports resource discussions based on the specific needs, risks, and priorities of that BU.
- Support BU-level strategic decision-making, product development, system implementations, and the change management associated with the adoption of new security processes and procedures.
- On-going partnership (vs. one time guidance) to build environments and deploy technologies in a secure manner and mitigating risks beforehand - truly positioning security as an enabler of business.
- Monitor information security trends internal and external to the business and keep business-facing leadership informed about information security-related incidents (Threat Informed Defense Approach).
- Promote corporate cybersecurity awareness activities and support the implementation of security awareness concepts locally, as needed, to suit the business unit.
- Create and review security metrics to measure security effectiveness at the business unit and corporate level.
- Quantify and communicate risk to BU leadership in relation to BU-specific goals, initiatives, and changes (people, process, technology).
- Translate how business unit-specific risks factor into firmwide risks at senior-level, e.g., Regional Management Committees (RMC), Security Review, and Security and Continuity Steering Committee (SCSC).
- Support on the monitoring and measuring of policies, processes, and controls that support compliance with industry and regionally specific mandates, laws, and regulations specific to the business unit, and how those roll up into broader mandates for the enterprise.
- Work with other governance functions on educating BU leadership on prospective changes to relevant mandates, laws, and regulations. Uncover any gaps that may exist.
- Determine any business unit-specific requirements that may exist due to geography, region, data, vertical, etc., and how those differ from or overlap with firmwide or departmental mandates.
- Assist in the completion of internal and external security assessments for the business unit.
**Behaviors**
- Ability to operate with little supervision and guidance.
- Ability to collaborate and build consensus with stakeholders across multiple functions.
- Ability to lead cross-functional teams to execute on security and business unit objectives.
- Relies on influence, not authority, to get things done.
- Advocates for the business unit and for security.
- Process driven, and has eye for detail, automation, and efficiency to improve programs-processes.
**Qualifications**
- Bachelor's Degree in a relevant major or equivalent experience in security, risk, audit, compliance, and management.
- 7+ years of experience in an IT-security field with strong demonstrable evidence of a technical background or security risk assessments - audit field.
- Relationship management, team building, and facilitation.
- Presentation, data analysis and problem-solving skills.
- Ability, drive and motivation to research and provide the right guidance and find possible solutions. Ability to push back where the risk outweighs the benefits.
- Adaptive communication skills; can speak to audiences at varying corporate altitudes and business functions.
- Abi