Sr. Control Assurance Assessor
Heredia, Costa Rica
Experian
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.Company Description
About us, but we'll be brief
Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. Also, for the last five years we've been listed as one of the 100 "World's Most Innovative Companies" by Forbes Magazine.
Job Description
What you'll do
Our Controls Assurance Testing Team is looking for an individual contributor for the Senior Control Assurance Assessor with expertise in data-driven testing techniques. You will report to the Information Security Control Assurance Testing Manager. You will be offered the opportunity to provide second-line defense assurance services, ensuring that security controls are robustly designed and implemented to safeguard Experian's assets.
Summary of Primary Responsibilities
- Conduct security control assessments, managing the process from planning through to reporting, including, understanding controls in scope, gathering assets populations and selecting samples, planning the assessment, evaluating whether the controls are designed and working as intended, writing issues and communicating the issues, and reporting on the test results.
- Develop test plans, test cases/steps, and procedures, using data from security tools to capture evidence.
- Use queries and dashboards to identify potential control failures.
- Ensure the accuracy and timely completion of control testing, providing peer review.
- Document findings, including root cause analysis and recommendations for remediation.
- Be the primary liaison with team members, delivering clear progress updates and results.
- Contribute to the efficiency of the control testing program by establishing measurable indicators, standardizing testing materials, and integrating partner feedback for improvement.
Qualifications
What your background is
- A bachelor's degree in computer science, management information systems, or a relevant field, or equivalent demonstrable experience.
- 3+ years' experience performing IT Audit or security control testing.
- 5+ years' of experience in Information Security or Information Technology.
- Demonstrated experience in conducting security control testing and evaluations within an internal audit framework.
- Knowledge of internal audit methodologies, including risk assessment, planning, execution, and reporting.
- Hold a professional certification such as CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent.
- Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
- Familiarity with privacy regulations (e.g., GDPR, CCPA) and breach notification laws.
- Experience with sector-specific frameworks (e.g., HIPAA, PCI).
Technical skills
- Knowledge of security tools such as Sailpoint, Rapid7, Wiz.io, MS Defender, SIEM, vulnerability management, and penetration testing tools.
- Familiarity with cloud concepts and technologies, AWS and Azure
- Experience using generative AI such as Chat GPT to create test strategies, reports, and communications.
- Proficiency in automation and analytics tools (e.g., Excel, Tableau, Alteryx, and PowerBI).
- Experience creating queries and reports using RSA Archer and ServiceNow.
- Familiarity with Kanban boards and Jira.
Desired Competencies:
- Experience with cybersecurity principles and organizational requirements.
- Apply governance, risk, and control principles.
- Proficiency in both automated and manual testing of information security controls.
- Facilitate small group meetings and communication of complex ideas.
- Collect, validate, analyze, and translate test data into evaluative conclusions.
- Research and application of knowledge about new technologies.
- Agile working methodology experience.
Additional Information
This is a permanent remote home-based role in Costa Rica. No relocation available.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is a critical part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.
#LI-ML2 #LI-Remote
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Analytics Audits Automation AWS Azure CCPA ChatGPT CISA CISM CISSP Cloud Computer Science GDPR Generative AI Governance HIPAA ISO 27001 Jira Kanban NIST NIST 800-53 PCI QSA Pentesting Privacy Risk assessment RSA SailPoint SIEM Vulnerability management
Perks/benefits: Insurance Medical leave Salary bonus
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.