Full-Time Information Security Governance Policy Senior Analyst

As our Information Security Governance Policy Senior Analyst, you will help define Experian's security posture.

You will touch all areas of the business, while also becoming an expert in security best practices, standards, and related regulations.

You will report to the Information Security Governance Policy Lead.

You'll have the opportunity to:

1. Lead the research and development of information security policies and their supporting documents, including detailed technical baselines based on industry best practices, with a focus on complex new technologies and cloud.
2. Communicate outcomes to senior leadership across Experian and negotiate with subject matter experts on the technical details of the policies and their supporting documents.
3. Review information security regulations and best practices to help align Experian policies and their supporting documents.
4. Work with industry partners to shape the development of industry frameworks and standards and provide insight to the business on upcoming trends and the external security landscape.
5. Collaborate with subject matter experts to determine the impact of changes to information security policies and their supporting documents. Ensure that changes to existing documents, new policies, and supporting documents are communicated.
6. Support policy document awareness initiatives and conduct training on policies and standards globally across Experian.
7. Review and provide expert checks and challenges on first-line business units' programs to support compliance with policies, standards, and regulations.
8. Support strategic initiatives representing the Information Security Governance team and provide subject matter expertise in the policy space.
9. Guide the Information Security Policy and Standards teams' continuing maturity using new technologies such as AI and ML.

Your background:

• Experience in information security, technology governance, technology audits, or information technology compliance.
• Bachelor's degree in Computer Science or Information Security, or equivalent experience.
• 4+ years of cybersecurity experience in enterprise environments.
• Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business.
• Knowledge of cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering, threats and vulnerabilities.
• Knowledge of IT technologies and methods to secure them with a knowledge of cloud security, including working knowledge of AWS.
• Understanding of industry best practices (e.g., NIST, ISO, COBIT, CMMI, OWASP, ITIL).
• Knowledge of current industry trends in information risk management.
• Understand and translate technical requirements for non-technical audiences.
• Industry certifications such as CCSP, CRISC, CISSP, CISM, or equivalent experience.
• Plus: Experience writing Information Security policies and standards.
• Plus: Knowledge of the financial services industry and its regulations.

What is the last date for applying to the job?

Which countries are accepted for this remote job?