Job Description:
• Lead client audits (onsite/virtual) including presentation of evidence, explanation of controls, planning and execution of pre and post audit activities (coordinate needed remediation, etc.).
• Support commercial teams to present Experian's security controls and risk posture to clients through Requests for Information / Requests for Proposal and/or pre-sales consultancy.
• Review contractual security clauses & deliverables under contractual agreements to ensure Experian does not exceed risk tolerance or be put in a position where it fails in its ability to meet client requirements.
• Take the lead on articulating Experian's security posture to justify any changes with clients.
• Analyze audit results and post audit reports and follow up on security items.
• Conduct gap analysis and articulate contractual risks to internal stakeholders to enable risk-informed contractual decisions.
• Maintain current and up-to-date evidence repository
• Provide accurate, valid, and appropriate responses in a timely manner to security questionnaires and ad-hoc inquiries sent by prospective and existing clients and business partners.
• Provide SME consultancy to Business Units on Experian information security governance and risk management framework in the context of the above.
• Maintain client-facing security documentation ensuring its continued relevance and accuracy.
• Collaborate with global team members across regions to ensure consistent experiences for clients around the world, and act as a mentor to junior members in sharing knowledges and experiences.
Requirements:
• In-depth experience reviewing and negotiating contractual terms presented by clients / third parties and understanding the associated risks, communicate the risks to stakeholders and making recommendations
• At least 8 years of experience working in an enterprise IT environment with at least 5 of those years executing internal or external audits, with exposure to supporting roles
• Project management skills
• Experience leading different cyber security audits of varying complexity
• Hands-on experience auditing cloud environments and tactically implementing cloud controls (AWS, GC, Azure, etc.)
• Experience with cloud-native tools such as AWS Security Hub, Azure Security Center, or other 3rd party tools to assess the security posture of cloud environment against industry benchmarks (such as NIST 800-53, CIS, MITTRE ATT&CK, CSA CSM, ISO27002, etc.)
• Professional security certification such as CCSP/CCSK/CISSP/CISM/CISA/ISO27001LA or other equivalent, or willingness to pursue other relevant accreditations (company supported)
Benefits:
• Great compensation package and bonus plan.
• Core benefits including medical, dental, vision, and matching 401K.
• Flexible work environment, ability to work remote, hybrid or in-office.
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays.