Information Security Control Assurance Manager

Experian

πŸ“Remote - United Kingdom

Summary

Join Experian as an Information Security Control Assurance Manager and lead a team evaluating security controls across on-premise and cloud systems. You will oversee security control testing, ensuring compliance with regulations and industry standards. This UK-based remote position requires experience managing IT auditors or information security control assessors and performing IT audits or information security control assessments, particularly with cloud security controls. The role involves designing testing methodologies, compiling reports, and improving testing program efficiency. You will report to the Information Security Risk & Control Director. Experian offers a competitive benefits package.

Requirements

  • Experience managing a team of IT auditors or Information Security control assessors
  • Experience performing IT Audit or Information Security control assessments, with specific experience testing cloud security controls
  • Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent
  • Knowledge of industry standards and frameworks such as NIST 800-53, ISO 27001/27002, CIS Controls, COBIT
  • Experience with current automated and manual industry methods for evaluating security controls on-premises and in cloud environments

Responsibilities

  • Oversee information security control testing program following Experian's risk management framework, working with teams and partners across multiple regions
  • Oversee a team of security control testers responsible for assessing information systems, platforms, and operating procedures following established corporate standards for security
  • Design repeatable testing methodologies to support control assurance testing, including automated testing steps for cloud environments
  • Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria
  • Compile management reports, summary analysis, and detailed presentations to describe risk, controls, and control deficiencies to multiple partners
  • Improve the efficiency of the control testing program by ensuring goals are measurable and testing materials are standardized

Preferred Qualifications

  • Knowledge of security controls provided by tools such as SailPoint, Rapid7, Wiz.io, MS Defender
  • Experience with cloud security controls within environments such as AWS and Azure
  • Experience using automation, data-driven testing techniques, and generative AI to gain efficiency in control assurance
  • Big 4 accounting experience
  • Experience creating queries and reports using RSA Archer and ServiceNow

Benefits

  • Great compensation package and discretionary bonus plan
  • Core benefits include pension, Bupa healthcare, sharesave scheme and more
  • 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave
