Full-Time Senior Information Security Controls Assessor

As a Senior Control Assurance Assessor, you'll test security controls on-premise and in the cloud to ensure design implementation and safeguard Experian's assets. You'll assess control design, performance, and compliance with standards and regulations, reporting to the Information Security Control Assurance Testing Manager.

Key Responsibilities:

1. Conduct security control assessments, using documented control activities and regulatory requirements.
2. Develop test plans, test cases, and procedures, applying data from security tools for evidence capture.
3. Identify potential control failures using queries and dashboards.
4. Ensure accurate and timely completion of control testing, including peer review.
5. Document findings, root cause analysis, and remediation recommendations.
6. Act as the primary liaison with partners, delivering clear progress updates and results.
7. Contribute lessons learned by integrating partner feedback to improve the control testing program.

Required Background:

• Bachelor's degree in Computer Science, Management Information Systems, or relevant field, or equivalent demonstrable experience.
• 5+ years' experience in Information Security or Information Technology
• 3+ years' experience in IT Audit or security control testing.
• Knowledge of internal audit methodologies (risk assessment, execution, reporting).
• Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and breach notification laws.
• Experience with sector-specific frameworks (e.g., HIPAA, PCI).

Technical Skills:

• Proficiency with security tools (SailPoint, Rapid7, Wiz.io, MS Defender, SIEM, vulnerability management, penetration testing).
• Knowledge of cloud technologies (AWS, Azure).
• Experience using generative AI (e.g., ChatGPT).
• Skills in automation and analytics tools (Excel, Tableau, Alteryx, or PowerBI).
• Create queries and reports in RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

Desired Competencies:

• Understanding of cybersecurity principles and organizational requirements.
• Experience applying governance, risk, and control principles.
• Experience in automated and manual testing of security controls.
• Experience facilitating meetings and conveying complex ideas.
• Data collection, validation, analysis, and interpretation.
• Experience researching and applying latest technologies.
• Experience with Agile methodology.
• Big 4 accounting experience.
• Professional certifications (e.g., CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent).

What is the last date for applying to the job?

Which countries are accepted for this remote job?