Senior Information Security Specialist (Client Security Assurance)

Company Description

About us, but we’ll be brief

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.

The Client Security Assurance team is the function within Experian’s Global Security Office (EGSO) which provides B2B clients assurance that Experian’s control environment is the secure choice for them.  CSA provides pre- and post-sales security support through RFP’s / RFI’s and contract negotiations, as well as supporting the ongoing due diligence and maintenance of relationships through responses to questionnaires, client-led audits of the security controls, and respond to ad-hoc security inquires related to emerging threats.   

This role interfaces with Experian internal and external stakeholders; having strong communication and project management skills is of paramount importance.  

The Information Security Expert works with stakeholders to fulfil client’s security requirements such as leading third-party assessments and audits, supporting commercial teams with security components of RFPs/RFIs, reviewing security clauses and deliverables in contracts and agreements, and supporting legal and compliance on regulatory security requirements by bringing subject matter expertise to the context of client environments. The role requires a strong ability to interface with technical and non-technical business experts and articulate Experian’s security posture accurately to aid in the sales and security audit process.  This is achieved by quickly understanding the business environment, key products and processes, internal and external security standards and applicable regulations, in addition to building excellent relationships across Experian globally.

Job Description

With a client-focused attitude: 

• Lead client audits (onsite/virtual) including presentation of evidence, explanation of controls, planning and execution of pre and post audit activities. 
• Support commercial teams to present Experian’s security controls and risk posture to clients through Requests for Information / Requests for Proposal and/or pre-sales consultancy. 
• Review contractual security clauses & deliverables under contractual agreements to ensure Experian does not exceed risk tolerance or be put in a position where it fails in its ability to meet client requirements. Take the lead on articulating Experian’s security posture to justify any changes with clients. 
• Analyse audit results and post audit reports and follow through on security items. 
• Present contractual risks clearly and effectively to internal stakeholders to enable risk-informed contractual decisions. 
• Maintain current and up-to-date evidence repository. 
• Provide accurate, valid, and appropriate responses in a timely manner to security questionnaires and ad-hoc inquiries sent by prospective and existing clients and business partners. 
• Provide expert consultancy to Business Units on Experian information security governance and risk management framework in the context of the above. 
• Maintain client-facing security documentation ensuring its continued relevance and accuracy. 
• Collaborate with global team members across regions to ensure consistent experiences for clients around the world, and act as a mentor to junior members.
• Strive to add value to internal and external stakeholders through various interactions. 

Qualifications

• Strong understanding of key network and technical security controls  
• Investigative and critical thinking skills for addressing findings  
• Solid understanding of security concepts as they apply to various environments (on prem., cloud, etc.) 
• Robust documentation skills  
• Excellent communication skills with the ability to tailor communication of technically complex issues to various audiences 
• Strong project management/organization and client management skills to handle multiple tasks and control expectations of client-imposed deadlines (and internal stakeholders)  
• Takes ownership of stakeholders concerns and follows through to resolution  
• Process driven, and has eye for detail, automation, and efficiency to improve programs/processes 
• Experienced with use of collaboration tools such SharePoint, Confluence, ServiceNow, and Salesforce 
• Fluent in English  
• Project management skills and the ability to coordinate and lead varying cyber security audits (and projects) of varying complexity  
• 8+ years of experience working in an enterprise IT environment with at least 5 of those years executing internal or external audits, with exposure to supporting roles 
• Experience in auditing cloud environments and implementing cloud controls (AWS, GC, Azure, etc.)  
• Experience with reviewing and negotiating contractual terms presented by clients / third parties and understanding how the enterprise can support those requests. 
• Professional security certification such as CCSP/CCSK/CISSP/CISM/CISA/ISO27001LA or other equivalent, or willingness to pursue other relevant accreditation (company supported) 

Preferred

• 8-12 years of experience in client-facing aspect –as an auditor or auditee, consulting, account management, responding to Security/Operational/Process questionnaires, bids, RFP, proposals, etc.
• Legal background

Additional Information

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.