Full-Time Senior Control Assurance Assessor

As a Senior Control Assurance Assessor, you'll test security controls both on-premise and in the cloud to ensure design implementation, safeguarding Experian's assets.

You'll assess control design, performance, and compliance with standards and regulations, reporting to the Information Security Control Assurance Testing Manager.

Identifying gaps, documenting findings, and recommending improvements to mitigate risks are important responsibilities. Using data-driven testing techniques and a defined methodology, you'll collaborate to ensure controls meet current risks and regulatory requirements.

Primary Responsibilities

• Conduct security control assessments, using documented control activities (where they exist) and regulatory requirements.
• Develop test plans, test cases, and procedures, applying data from security tools to capture evidence.
• Use queries and dashboards to identify potential control failures as part of the control testing process.
• Ensure the accuracy and timely completion of control testing, providing peer review.
• Document findings, including root cause analysis and applicable recommendations for remediation.
• Be the primary liaison with partners, delivering clear progress updates and results.
• Contribute lessons learned by integrating partner feedback to improve the control testing program.

What your background is

• A bachelor's degree in computer science, management information systems, or a relevant field, or equivalent demonstrable experience.
• 5+ years' of experience in Information Security or Information Technology
• 3+ years' experience performing IT Audit or security control testing.
• Knowledge of internal audit methodologies, including risk assessment, execution, and reporting.
• Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and breach notification laws.
• Experience with sector-specific frameworks (e.g., HIPAA, PCI).

Technical Skills

• Proficiency with security tools (SailPoint, Rapid7, Wiz.io, MS Defender, SIEM, vulnerability management, penetration testing).
• Knowledge of cloud technologies (AWS, Azure).
• Experience using generative AI (e.g., ChatGPT) for test strategies, reports, and communications.
• Skills in automation and analytics tools (Excel, Tableau, Alteryx, or PowerBI).
• Create queries and reports in RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

Desired Competencies

• Understanding of cybersecurity principles and organizational requirements.
• Experience applying governance, risk, and control principles.
• Experience in automated and manual testing of security controls.
• Experience facilitating meetings and conveying complex ideas.
• Data collection, validation, analysis, and interpretation.
• Experience Researching and applying latest technologies.
• Experience with Agile methodology.
• Big 4 accounting experience.
• Hold a professional certification such as CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent.

What is the last date for applying to the job?

Which countries are accepted for this remote job?