Information Security Regulatory Governance Specialist US Remote
Costa Mesa, CA, United States
Experian
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.Company Description
About us, but we’ll be brief
Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.
Experian Global Security Office (EGSO) provides a full suite of information security services from engineering to security risk management, policy, metrics, and identity management. Its vision is to protect, connect and create its business in a secure and resilient manner. The Information Security Governance team is the principal advocate for information security and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the organization.
As an Information Security Regulatory Governance Specialist, you will join a talented and experienced information security team and help to define the security posture of a top global company. This is an enterprise-wide program that assesses cyber security practices at Experian against information security regulation. This role will serve as a subject matter expert for information security regulation for senior leadership and other stakeholders. To thrive in this role, you must be detail oriented, able to distil complex security concepts down to a simple level and work with people from all levels of the business.
Job Description
Review the impact of new regulation and delivering assessments including evidence gathering and compliance assessments.
Work with Legal, Compliance, Control Assurance, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice.
Work with stakeholders to build plans of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner.
Identify, document, and report control deficiencies and associated recommendations for improvement.
Develop and communicate reports to describe regulatory risk and associated remediation action.
Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.
Support the alignment of the policies and standards to both regulations and best practice.
Review and challenge first line business units’ programs to support compliance with policies, standards, and regulations.
Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results.
Participate in key and strategic initiatives representing the Information Security Governance team and providing subject matter expertise in the regulatory space.
Qualifications
At least 8-12 years of experience in one or more of the following areas: Information Security, Technology Governance, Technology Audit, Information Technology Compliance.
8+ years of experience of information security regulations with a focus in financial services preferred, such as NYDFS, CFPB and GLBA.
Detailed knowledge of respective industry best practices (e.g., NIST, ISO, CMMI) and broad knowledge of cybersecurity technologies
Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches.
Knowledge of current industry trends in information security regulatory.
Excellent written and verbal communication skills with the confidence to effectively tailor communication of technically complex issues for both technical and non-technical audiences and stakeholders at every level of the organization.
Process driven with an eye for detail.
Able to be a subject matter expert on information risk management, regulation, policies, and standards.
Hands-on experience with GRC tools such as ServiceNow and RSA Archer is preferred.
Candidates with professional information security certifications such as CISSP, CISM, CISA would be a good fit for this role.
Additional Information
Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CISA CISM CISSP Compliance GLBA Governance NIST Risk analysis Risk management RSA Security strategy Strategy
Perks/benefits: Career development Health care Medical leave Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Sr. Security Engineer jobs
- Open Senior Network Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open DoD-related jobs