Full-Time Senior Security Control Assessor

What you'll doOur Controls Assurance Testing Team is looking for a Senior Control Assurance Assessor with expertise in data-driven testing techniques. You will report to the Information Security Control Assurance Testing Manager. You will provide second-line defense assurance services, ensuring security controls are robustly designed and implemented to safeguard Experian's assets.

Summary of Primary Responsibilities

• Conduct security control assessments, managing the process from planning to reporting.
• Develop test plans, test cases/steps, and procedures, using data from security tools to capture evidence.
• Use queries and dashboards to identify potential control failures.
• Ensure the accuracy and timely completion of control testing, providing peer review.
• Document findings, including recommendations for remediation.
• Be the primary liaison with team members, delivering clear progress updates and results.
• Contribute to the efficiency of the control testing program by establishing measurable indicators, standardizing testing materials, and integrating partner feedback.

What your background is

• Bachelor's degree in computer science, management information systems, or a relevant field, or equivalent experience.
• 3+ years' experience performing IT Audit or security control testing.
• 3+ years' experience in Information Security or Information Technology.
• Demonstrated experience in conducting security control testing and evaluations within an internal audit framework.
• Knowledge of internal audit methodologies, including risk assessment, execution, and reporting.
• Professional certification such as CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent.
• Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and breach notification laws.
• Experience with sector-specific frameworks (e.g., HIPAA, PCI).

Technical skills

• Knowledge of security tools (Sailpoint, Rapid7, Wiz.io, MS Defender, SIEM, vulnerability management, penetration testing tools).
• Familiarity with cloud concepts and technologies (AWS and Azure).
• Experience using generative AI (Chat GPT).
• Proficiency in automation and analytics tools (Excel, Tableau, Alteryx, PowerBI).
• Experience creating queries and reports using RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

Desired Competencies

• Experience with cybersecurity principles and organizational requirements.
• Apply governance, risk, and control principles.
• Proficiency in both automated and manual testing of information security controls.
• Facilitate small group meetings and communication of complex ideas.
• Collect, validate, analyze, and translate test data into evaluative conclusions.
• Research and application of knowledge about new technologies.
• Agile working methodology experience.

What is the last date for applying to the job?

Which countries are accepted for this remote job?