Remote Lead Security Control Assessor

Summary

Join Experian as a Lead Member of the Control Assurance team to conduct independent assessments of security controls and ensure the quality and security of cloud-based and on-premise applications.

Requirements

• 8+ years of experience working in Control Assurance or Risk environments
• Experience creating queries and reports using RSA Archer and ServiceNow
• Knowledge of security tools such as Sailpoint, Rapid7, Wiz.io , and MS Defender
• Knowledge of governance, risk, and controls principles
• Familiarity with cloud concepts and technologies, AWS and Azure
• Experience using generative AI such as Chat GPT to create test strategies, reports, and communications
• Familiarity with Kanban boards and Jira
• Familiarity with cybersecurity controls and security control frameworks such as ISO 27001, NIST, PCI, and HIPAA
• Understanding of current industry methods for evaluating controls, particularly in cloud environments
• Experience preparing plans and related correspondence
• Experience with control activities, identifying and writing/communicating findings and performing root cause analysis
• Proficient in preparing and presenting briefings
• Strong relationship management skills, demonstrating commitment to delivering quality results
• Experience utilizing feedback to improve processes and engagements
• Experience identifying systemic issues from analyzing testing data
• Competent in answering questions clearly and concisely, as well as asking clarifying questions
• Capable of communicating complex information, both verbally and in writing
• Ability to facilitate small group meetings and collect, verify, validate, and analyze test data
• Experience translating data and test results into evaluative conclusions
• Judicious in decision-making when controls are not well defined
• Proficiency in both automated and manual testing of information security controls

Responsibilities

• Design and deliver repeatable testing methodologies to support control assurance testing, including automated testing frameworks for cloud environments
• Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria
• Lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing, and reporting activities
• Provide quality assurance for control testing documentation produced during testing, ensuring accurate completion of all required control testing documentation
• Identify and document control deficiencies, including root causes, risk descriptions, issue ratings, and recommendations for improvement
• Create and present reports of control testing findings to partners, socializing any findings
• Be the primary contact with partners for the controls tests you lead, ensuring the quality of control testing engagements and stakeholder communications, including regular status updates
• Contribute to the efficiency of the control testing program by ensuring indicators are measurable, that testing materials are standardized, and stakeholder feedback is captured to facilitate improvement
• Identify test cases for control activities and develop automated testing scripts to enhance the testing process

Benefits

• Medical insurance
• Life insurance
• Dental insurance
• Asociacion Solidarista
• International Share Save Plan
• Flex Work/Work from home
• Paid time off
• Annual Performance Bonus
• Education Reimbursement
• Family Bonding
• Bereavement Leave
• Referral Program