Senior Security Controls & Assurance Analyst

The Equifax Security Governance, Compliance and Planning & Execution organization is currently looking for a Security Controls & Assurance Analyst to support Equifax’s comprehensive assurance and compliance efforts. The successful candidate will work in a fast paced, highly dynamic and challenging, globally diverse environment.

What you’ll do

• Responsible for supporting a global program to identify, validate, and communicate process, application and network layer risks based on the EFX Security Control Framework.
• Run test plans, scripts and procedures to ensure that controls are operating effectively and efficiently.
• Responsible for conducting multiple enterprise-level security control testing audits simultaneously. 
• Responsible for evidence collection and validation in support of security controls testing initiatives.
• Identify, document and track remediation of gaps found during the testing efforts.
• Conduct root cause analysis of control failures and provide recommendations for remediation.
• Collaborate with stakeholders and cross functional teams globally.

What experience you need 

• Bachelor’s degree in Computer Science, Systems Engineering or equivalent work experience.
• 5+ years of previous technical experience with information security, control assurance, or security/risk consulting.
• 4+ years of working experience with IT security domains (e.g. Vulnerability Management, Access Controls, Cryptography, Data Protection, Perimeter Security, etc.) and control frameworks such as NIST, PCI, ISO27001, etc.
• 2+ years of experience in automated and manual security testing on network infrastructure e.g. assets, servers, applications, etc.
• 2+ years of experience in scripting automation

What could set you apart

• Must possess an understanding on how to evaluate the design and operating effectiveness of security controls supporting IT security domains.
• Security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager),  CISA (Certified Information Systems Auditor) or related certifications.
• Experience performing assessments of information security programs
• Passionate to learn new technologies, best practices and contribute to the broader global infrastructure and security teams.

Primary Location:

CRI-Sabana

Function:

Function - Security Governance and Compliance

Schedule:

Full time