Full-Time Information Security Control Assurance Manager

What you'll doAs an Information Security Control Assurance Manager, you will manage a team that evaluates security controls across processes both on-premise and in the cloud, to ensure they mitigate risks and comply with regulatory and industry standards. Reporting to the Global Head of Information Security, you will provide direction and manage the team in conducting security control testing, to verify the design, implementation, and operational effectiveness of controls. You will work in an Agile environment, ensuring the quality of security assessments through testing, automation, and collaboration with teams and several partners.

Summary of Primary Responsibilities

• Oversee information security control testing program following Experian's risk management framework, collaborating with teams across regions.
• Manage a team of security control testers to assess information systems according to corporate security standards.
• Design repeatable testing methodologies for control assurance, including automated steps for cloud environments.
• Plan control tests with risk identification, sampling, control selection, testing methods, and reporting criteria.
• Manage control testing teams in design and effectiveness testing of security controls, including fieldwork and reporting.
• Ensure quality assurance for control testing documentation, ensuring accurate and timely completion.
• Compile management reports and presentations to describe risk, controls, and deficiencies to partners.
• Be the primary contact for control tests, ensuring quality of engagements and partner communications.
• Improve the efficiency of the control testing program by standardizing indicators and testing materials.

What your background is

• A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
• 3+ years' experience managing a team of IT auditors or Information Security control assessors.
• 12+ years of experience performing IT Audit or Information Security control assessments, with specific experience testing cloud security controls.
• Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
• Knowledge of industry standards and frameworks such as NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
• Experience with current automated and manual industry methods for evaluating security controls on prem and in cloud environments.
• Communicate complex information, both verbally and in writing.
• Experience using partner feedback to improve existing processes and future engagements.

Technical Skills

• Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender.
• Experience with cloud security controls within environments such as AWS and Azure.
• Experience applying automation, data-driven testing techniques and generative AI to gain efficiency in control assurance.
• Experience creating queries and reports using RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

What is the last date for applying to the job?

Which countries are accepted for this remote job?