Information Security Control Assurance Manager

Summary

Join Experian, a world-leading information services company, as an Information Security Control Assurance Manager. Lead a team evaluating security controls for on-premise and cloud processes, ensuring compliance with regulatory standards. Direct the team in testing security controls and ensure quality assessments through testing and collaboration. You will manage control testing programs, design testing methodologies, and compile management reports. This permanent, home-based role in Costa Rica offers a comprehensive benefits package and the opportunity to work in a dynamic, award-winning culture.

Requirements

• Bachelor's degree in computer science, management information systems, or equivalent experience
• 3+ years managing IT auditors or Information Security control assessors
• 12+ years in IT Audit or Information Security control assessments, including cloud security controls
• Professional certifications like CISA, CISM, CISSP, ISO 27001 Lead Auditor
• Knowledge of standards like NIST 800-53, ISO 27001/27002, CIS Controls, COBIT
• Experience with automated and manual methods for evaluating security controls on-premise and in cloud environments
• Communicate complex information
• Use partner feedback to improve processes
• Knowledge of security tools like Sailpoint, Rapid7, Wiz.io , MS Defender
• Experience with cloud security in AWS and Azure
• Automation, data-driven testing techniques, and generative AI for control assurance
• Create queries and reports using RSA Archer and ServiceNow
• Familiarity with Kanban boards and Jira

Responsibilities

• Oversee the information security control testing program, collaborating across regions
• Manage a team of testers to assess information systems per corporate security standards
• Design repeatable testing methodologies, including automation for cloud environments
• Plan control tests with risk identification, sampling, control selection, testing methods, and reporting criteria
• Manage teams in testing the design and effectiveness of security controls, including fieldwork and reporting
• Ensure quality assurance for control testing documentation
• Compile management reports and presentations on risks, controls, and deficiencies
• Be the primary contact for control tests, ensuring quality engagements and partner communications
• Improve the efficiency of the control testing program by standardizing indicators and testing materials

Preferred Qualifications

• Big 4 consultant experience
• Knowledge of cybersecurity principles: integrity, availability, authentication, non-repudiation
• Mentor junior team members, encouraging continuous improvement
• Security reporting to senior management on posture, control effectiveness, risks
• Apply security governance, risk, and control principles
• Proficiency in automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI)
• Agile working methodology experience

Benefits

• Medical, life and dental insurance
• Asociacion Solidarista
• International Share Save Plan
• Flex Work Work from home
• Paid time off
• Annual Performance Bonus
• Education Reimbursement
• Family Bonding
• Bereavement Leave
• Referral Program