Full-Time Third Party Security Assessor

What you'll doThe Third Party Security Assessor undertakes general Third Party Security reviews. There are three major aspects to this position:

1. Conducting reviews of NEW Third Party entities (Supplier, Reseller, Joint Ventures) - identifying areas of conformance and non-conformance to Experian requirements; guide security contract language and inputs into the Risk Management Process.
2. Conducting reviews of EXISTING Third Party entities (Supplier, Reseller, Joint Ventures) - identifying areas of conformance and non-conformance to Experian requirements and inputs into the Risk Management Process.
3. You will support the Global Head of Third Party Security to improve the local Third Party Security (TPS) Management System and ensure that it meets local regulatory, policy and requirements.

Summary of Primary Responsibilities

• Update the Third Party inventory and programme within the region.
• Perform security assessments for our Third Parties using the Third Party Security Framework.
• Support in the development and improving TPS program.
• Provide on-demand consultancy to other teams within Information Security, Governance and the Business to help improve the security posture of third party organisations.
• Partner with regional TPS team, regional indirect sales and procurement to ensure procedures meet regional requirements / operating practices.
• Identify information security deficiencies, risks and exceptions to appropriate parties as soon as possible. Ensure 1LoD ownership and ensure non-compliance issues, exception justification, mitigation controls and risks are captured.
• Work with RISOs and other GSOs governance functions - assist and promote remediation activities to reduce security deficiencies identified.
• Help develop statistical reports on compliance deficiency trends and violations.

What your background is

• Experience in security field specially around security assessments or audit field.
• Research and provide the right guidance and find possible solutions & to push back where the risk outweighs the benefits.
• Curiosity to ask questions and challenge status quo.
• Problem Solving & Analysis.
• You will be process driven, with interest in automation and efficiency to improve programs.

• CISA, CISM, CISSP, PCI QSA or comparable certifications required.

What is the last date for applying to the job?

Which countries are accepted for this remote job?