Information Security Controls Specialist Senior

As a Senior Control Assurance Assessor, you'll test security controls both on-premise and in the cloud to ensure design implementation, safeguarding Experian's assets. You'll assess control design, performance, and compliance with standards and regulations, reporting to the Information Security Control Assurance Testing Manager. Identifying gaps, documenting findings, and recommending improvements to mitigate risks are important responsibilities. Using data-driven testing techniques and a defined methodology, you'll collaborate to ensure controls meet current risks and regulatory requirements.

Primary Responsibilities

• Conduct security control assessments, using documented control activities (where they exist) and regulatory requirements.
• Develop test plans, test cases, and procedures, applying data from security tools to capture evidence.
• Use queries and dashboards to identify potential control failures as part of the control testing process.
• Ensure the accuracy and timely completion of control testing, providing peer review.
• Document findings, including root cause analysis and applicable recommendations for remediation.
• Be the primary liaison with partners, delivering clear progress updates and results.
• Contribute lessons learned by integrating partner feedback to improve the control testing program.

Experience and Skills

• A bachelor's degree in computer science, management information systems, or a relevant field, or equivalent demonstrable experience.
• 5+ years' of experience in Information Security or Information Technology.
• 3+ years' experience performing IT Audit or security control testing.
• Knowledge of internal audit methodologies, including risk assessment, execution, and reporting.
• Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and breach notification laws.
• Experience with sector-specific frameworks (e.g., HIPAA, PCI).

Technical Skills

• Proficiency with security tools (SailPoint, Rapid7, Wiz.io, MS Defender, SIEM, vulnerability management, penetration testing).
• Knowledge of cloud technologies (AWS, Azure).
• Experience using generative AI (e.g., ChatGPT) for test strategies, reports, and communications.
• Skills in automation and analytics tools (Excel, Tableau, Alteryx, or PowerBI).
• Create queries and reports in RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

Desired Competencies

• Understanding of cybersecurity principles and organizational requirements.
• Experience applying governance, risk, and control principles.
• Experience in automated and manual testing of security controls.
• Experience facilitating meetings and conveying complex ideas.
• Data collection, validation, analysis, and interpretation.
• Experience researching and applying latest technologies.
• Experience with Agile methodology.
• Big 4 accounting experience.
• Hold a professional certification such as CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent.

This is a permanent hybrid role in Costa Rica. No relocation available.

Culture at Experian

Experian's culture, people, and environments are main differentiators. We take our people's agenda very seriously. We focus on what matters; diversity and inclusion, work/life balance, flexible work, development, engagement, collaboration, wellness, rewards & recognitions, volunteering... the list goes on! Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a successful, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is necessary to our purpose of creating a better tomorrow.