Lead Security Control Assessor

Summary

Join Experian's Control Assurance team as a lead member, conducting independent assessments of security controls in IT systems and cloud-based applications. You will design and deliver testing methodologies, lead control testing teams, and ensure the quality and security of applications. Responsibilities include identifying control deficiencies, creating reports, and collaborating with cross-functional teams in an Agile environment. This permanent, home-based role in Costa Rica requires extensive experience in control assurance, risk management, and cybersecurity. The position demands proficiency in various security tools and frameworks, along with strong communication and analytical skills. Experian offers a comprehensive benefits package.

Requirements

• 8+ years of experience working in Control Assurance or Risk environments
• Experience creating queries and reports using RSA Archer and ServiceNow
• Knowledge of security tools such as Sailpoint, Rapid7, Wiz.io , and MS Defender
• Knowledge of governance, risk, and controls principles
• Familiarity with cloud concepts and technologies, AWS and Azure
• Experience using generative AI such as Chat GPT to create test strategies, reports, and communications
• Familiarity with Kanban boards and Jira
• Familiarity with cybersecurity controls and security control frameworks such as ISO 27001, NIST, PCI, and HIPAA
• Understanding of current industry methods for evaluating controls, particularly in cloud environments
• Experience preparing plans and related correspondence
• Experience with control activities, identifying and writing/communicating findings and performing root cause analysis
• Proficient in preparing and presenting briefings
• Strong relationship management skills, demonstrating commitment to delivering quality results
• Experience utilizing feedback to improve processes and engagements
• Experience identifying systemic issues from analyzing testing data
• Competent in answering questions clearly and concisely, as well as asking clarifying questions
• Capable of communicating complex information, both verbally and in writing
• Ability to facilitate small group meetings and collect, verify, validate, and analyze test data
• Experience translating data and test results into evaluative conclusions
• Judicious in decision-making when controls are not well defined
• Proficiency in both automated and manual testing of information security controls

Responsibilities

• Design and deliver repeatable testing methodologies to support control assurance testing, including automated testing frameworks for cloud environments
• Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria
• Lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing, and reporting activities
• Provide quality assurance for control testing documentation produced during testing, ensuring accurate completion of all required control testing documentation
• Identify and document control deficiencies, including root causes, risk descriptions, issue ratings, and recommendations for improvement
• Create and present reports of control testing findings to partners, socializing any findings
• Be the primary contact with partners for the controls tests you lead, ensuring the quality of control testing engagements and stakeholder communications, including regular status updates
• Contribute to the efficiency of the control testing program by ensuring indicators are measurable, that testing materials are standardized, and stakeholder feedback is captured to facilitate improvement
• Identify test cases for control activities and develop automated testing scripts to enhance the testing process
• Ability to determine the protection needs of information systems, processes, and networks

Benefits

• Medical, life and dental insurance
• Asociacion Solidarista
• International Share Save Plan
• Flex Work/Work from home
• Paid time off
• Annual Performance Bonus
• Education Reimbursement
• Family Bonding
• Bereavement Leave
• Referral Program