Senior Information Security Specialist (Client Security Assurance)

Job Description

With a client-focused attitude:

• Lead client audits (onsite/virtual) including presentation of evidence, explanation of controls, planning and execution of pre and post audit activities.

• Support commercial teams to present Experian's security controls and risk posture to clients through Requests for Information / Requests for Proposal and/or pre-sales consultancy.

• Review contractual security clauses & deliverables under contractual agreements to ensure Experian does not exceed risk tolerance or be put in a position where it fails in its ability to meet client requirements. Take the lead on articulating Experian's security posture to justify any changes with clients.

• Analyse audit results and post audit reports and follow through on security items.

• Present contractual risks clearly and effectively to internal stakeholders to enable risk-informed contractual decisions.

• Maintain current and up-to-date evidence repository.

• Provide accurate, valid, and appropriate responses in a timely manner to security questionnaires and ad-hoc inquiries sent by prospective and existing clients and business partners.

• Provide expert consultancy to Business Units on Experian information security governance and risk management framework in the context of the above.

• Maintain client-facing security documentation ensuring its continued relevance and accuracy.

• Collaborate with global team members across regions to ensure consistent experiences for clients around the world, and act as a mentor to junior members.

• Strive to add value to internal and external stakeholders through various interactions.

Qualifications

• Strong understanding of key network and technical security controls

• Investigative and critical thinking skills for addressing findings

• Solid understanding of security concepts as they apply to various environments (on prem., cloud, etc.)

• Robust documentation skills

• Excellent communication skills with the ability to tailor communication of technically complex issues to various audiences

• Strong project management/organization and client management skills to handle multiple tasks and control expectations of client-imposed deadlines (and internal stakeholders)

• Takes ownership of stakeholders concerns and follows through to resolution

• Process driven, and has eye for detail, automation, and efficiency to improve programs/processes

• Experienced with use of collaboration tools such SharePoint, Confluence, ServiceNow, and Salesforce

• Fluent in English

• Project management skills and the ability to coordinate and lead varying cyber security audits (and projects) of varying complexity

• 8+ years of experience working in an enterprise IT environment with at least 5 of those years executing internal or external audits, with exposure to supporting roles

• Experience in auditing cloud environments and implementing cloud controls (AWS, GC, Azure, etc.)

• Experience with reviewing and negotiating contractual terms presented by clients / third parties and understanding how the enterprise can support those requests.

• Professional security certification such as CCSP/CCSK/CISSP/CISM/CISA/ISO27001LA or other equivalent, or willingness to pursue other relevant accreditation (company supported)

Preferred

• 8-12 years of experience in client-facing aspect -as an auditor or auditee, consulting, account management, responding to Security/Operational/Process questionnaires, bids, RFP, proposals, etc.

• Legal background

Additional Information

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.