Information Security Control Assurance Manager
Heredia, Heredia, Costa Rica
Experian
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.
Company Description
About us, but we'll be brief
Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses, and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. Also, for the last five years we've been named in the 100 "World's Most Innovative Companies" by Forbes Magazine. Experian prioritizes its culture and looks to bring people to the team who are passionate about their jobs, who are easy to work with, and who continue to value team over self.
We have 23,000 people operating across 44 countries and every day we're investing in new technologies, experienced people, and new ideas to help all our clients maximize every opportunity.
Job Description
What you'll do
As an Information Security Control Assurance Manager, you will manage a team that evaluates security controls across processes both on-premise and in the cloud, to ensure they mitigate risks and comply with regulatory and industry standards. Reporting to the Global Head of Information Security, you will provide direction and manage the team in conducting security control testing, to verify the design, implementation, and operational effectiveness of controls. You will work in an Agile environment, ensuring the quality of security assessments through testing, automation, and collaboration with teams and several partners.
Summary of Primary Responsibilities
- Oversee the information security control testing program following Experian's risk management framework, collaborating with teams across regions.
- Manage a team of security control testers to assess information systems according to corporate security standards.
- Design repeatable testing methodologies for control assurance, including automated steps for cloud environments.
- Plan control tests with risk identification, sampling, control selection, testing methods, and reporting criteria.
- Manage control testing teams in design and effectiveness testing of security controls, including fieldwork and reporting.
- Ensure quality assurance for control testing documentation, ensuring accurate and timely completion.
- Compile management reports and presentations to describe risk, controls, and deficiencies to partners.
- Be the primary contact for control tests, ensuring quality of engagements and partner communications.
- Improve the efficiency of the control testing program by standardizing indicators and testing materials.
Qualifications
What your background is
- A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
- 3+ years' experience managing a team of IT auditors or Information Security control assessors.
- 12+ years of experience performing IT Audit or Information Security control assessments, with specific experience testing cloud security controls.
- Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
- Knowledge of industry standards and frameworks such as NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
- Experience with current automated and manual industry methods for evaluating security controls on-premise and in cloud environments.
- Communicate complex information, both verbally and in writing.
- Experience using partner feedback to improve existing processes and future engagements.
Technical Skills
- Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender.
- Experience with cloud security controls within environments such as AWS and Azure.
- Experience applying automation, data-driven testing techniques and generative AI to gain efficiency in control assurance.
- Experience creating queries and reports using RSA Archer and ServiceNow.
- Familiarity with Kanban boards and Jira.
Desired Competencies:
- Big 4 consultant experience.
- Knowledge of cybersecurity principles and organizational requirements relevant to integrity, availability, authentication, and non-repudiation.
- Mentor junior team members, encouraging a culture of continuous improvement in security practices.
- Experience in security reporting to senior management, providing applicable updates on security posture, control effectiveness, and identified risks.
- Apply security governance, risk, and control principles.
- Proficiency in automation and data analytics tools (e.g., Excel, Tableau, Alteryx, and PowerBI).
- Agile working methodology experience.
Additional Information
This is a permanent home-based role in Costa Rica. No relocation available.
Culture at Experian
Our uniqueness is that we value yours.
Experian's culture, people, and environments are main differentiators. We take our people's agenda very seriously. We focus on what matters: diversity and inclusion, work-life balance, flexible work, development, engagement, collaboration, wellness, rewards & recognitions, volunteering... the list goes on!
Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.
Our uniqueness is that we celebrate yours. Experian's culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work life balance, development, authenticity, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experian's people first approach is award-winning; Great Place To Work™ in 24 countries, FORTUNE Best Companies to work and Glassdoor Best Places to Work (globally 4.4 Stars) to name a few. Check out Experian Life on social or our Careers Site to understand why.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is a critical part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.