Information Security Specialist Lead

at EXPERIAN

Heredia, Provincia de Heredia, Costa Rica

Start Date: Immediate
Expiry Date: 09 Oct, 2024
Salary: Not Specified
Posted On: 10 Jul, 2024
Experience: 5 year(s) or above
Skills: Archer, ISO, ML, Cloud Security, Group Meetings, NIST, CISA, IT Audit, Computer Science, Written Communication, Interpersonal Skills, Control Design, Risk, Information Systems, CISSP, ISO 27001 Lead Auditor, HIPAA
Telecommute: No
Sponsor Visa: No

Description:

Full-time
Employee Status: Regular
Role Type: Home
Department: Legal & Compliance
Schedule: Full Time
Shift: Day Shift

ABOUT US, BUT WE’LL BE BRIEF

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses, and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine. Experian prioritizes our culture and looks to bring people to the team who are passionate about their jobs, who are easy to work with, and who continue to value team over self.
We have 23,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.

JOB DESCRIPTION

What you’ll be doing
Lead member of the Security Risk and Controls team reporting to the Information Security Director. You will lead the identification, documentation, and formalization of the security risk and controls framework across the Enterprise to meet the cybersecurity and risk requirements set by Experian. The Information Security Specialist Lead will contribute to the team’s goals of ensuring a sound security posture by assessing the risk-based design of security controls and security capabilities. The Lead Security Control Analyst will contribute to the design and operation of best practice cyber risk management practices, collaborating with stakeholders across all Security and IT teams in the Enterprise.

Summary of Primary Responsibilities

  • Lead the security risk and controls team in engaging with Regional Business Unit and Centralized security and IT control owners across the Enterprise to populate the controls library.
  • Maintain and update the integrated risk and controls framework based on information security policies and industry best practices and standards.
  • Review control activities populated by control owners to ensure they align with requirements outlined in control standards and objectives.
  • Identify, document, and report control activity gaps and provide recommendations for remediation.
  • Compile management reports, summary analysis, and detailed presentations to describe risk and controls program.
  • Develop and present content for controls implementation workshops with control owners across the Enterprise.
  • Ensure information security controls are aligned and mapped to applicable risks (risk types and risk register entries) in Archer GRC platform.
  • Monitor and stay abreast of internal and external risk indicators for impacts and potential disruptions to the organization and mission. Provide these risk indicators as inputs to control assurance and other EGSO activities.
  • Contribute to the efficiency of the risk and controls program by ensuring that processes and methodologies are standardized, and stakeholder feedback is captured to ensure continual improvement and an effective engagement model.

QUALIFICATIONS

What your background looks like

  • Knowledge of information security frameworks such as ISO 27001/2, NIST CSF, PCI DSS, and HIPAA.
  • Knowledge of information security risk management/analysis frameworks such as Open FAIR, NIST 800-37, NIST 800-39.
  • Knowledge of governance, risk, and controls principles and operational impacts of cybersecurity lapses.
  • Good collaboration and interpersonal skills.
  • Extensive knowledge of IT technologies and methods to secure them with a deep knowledge of Cloud security. A working knowledge of AWS cloud environment is a plus.
  • Drive the Risk and Control team’s continuing maturity using new technologies such as AI and ML.
  • Proficient in verbal and written communication.
  • Proficient in security control design, implementation, and evaluation.
  • Proficient in performing impact/risk assessment.
  • Ability to facilitate small to medium size group meetings with senior leadership audiences.
  • Bachelor’s degree in computer science, management information systems or relevant field or equivalent demonstrable experience.
  • Certifications: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or comparable certifications.

Experience:

  • 5+ years’ experience performing IT Audit, Information Security control assessments.
  • Experience with GRC tools, such as Archer.

REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Computer science, management information systems or relevant field or equivalent demonstrable experience

Proficient

1

Heredia, Provincia de Heredia, Costa Rica