Experian is the power behind the data. As the leading holder of consumer and business credit data, we’re transforming data into solutions that advance industries, move companies forward and improve the lives of millions of consumers around the world.
In 2018, we were named by Forbes magazine as one of the World’s Most Innovative Companies.
Experian’s Global Security Office's vision is to protect, connect and create its business in a secure and resilient manner.
Information Security is responsible for protecting information by the design and implementation of solutions and ensuring appropriate oversight.
We are growing and looking to hire an Information Security Consultant for our Global Security Office (GSO) Information Security Risk Management (ISRM) team.
The GSO sets and ensures that the Information Security policy and standards are implemented across Experian.
The Information Security Consultant provides consulting and assurance services to the business. There are two major aspects to this position:
Providing consulting services to business as businesses engage the GSO to provide guidance with respect to new projects or development or technology deployments / enhancements.
Providing security assurance assessment services (projects, applications, infrastructure, etc.)
The position requires a strong ability to interface with technical and business experts and articulate the risk in information security as well as in business terms.
The position requires the individual to quickly understand the business environment, critical products and processes, and internal and external standards and regulations, and to build excellent relationships across Experian globally.
The Information Security Consultant is responsible for, but not limited to, the following:
Perform periodic security assessments for existing environments including but not limited to applications, systems / servers, network infrastructure, databases, cloud services and other technologies and processes.
Perform deep dive security assessments for existing applications, technology, or processes.
Work with business unit stakeholders to formally capture gaps and remedial actions within the GRC system.
Perform security assessments for new projects such as new application development projects, data center build, network enhancements, or any other new technology or infrastructure build / enhancements.
Work with business unit representatives, subject matter experts and project management to ensure security requirements are understood and implemented as part of the project lifecycle.
The responsibilities also include staying with the project through the cycle (from inception to product implementation) and validating the implementation of security controls, as needed.
Partner with businesses and technology teams to research and provide security guidance for strategic projects involving new technologies or concepts (e.g. moving a core application to cloud, or developing a mobile application, new authentication technology, encryption techniques or technologies, etc.).
The position requires on-going partnership (vs. one-time guidance) to build environments and deploy technologies in a secure manner and mitigate risks beforehand, truly positioning security as a business enabler.
Escalate risks to BU security champions and the Regional Information Security Officers (RISOs) as they appear.
Assist with pre- and post-acquisition security assessments.
Under the guidance of RISOs, work with businesses and technology teams to capture exception requests and information and ensure non-compliance issues, exception justification, mitigation controls and risks are appropriately captured. Escalate issues as needed.
Provide reporting metrics for InfoSec consulting function and progress on enhancement initiatives.
Process requests (for security assessments, various types of approval requests and other items) per the established SLAs.
Partner and work with other GSO teams to ensure GSO programs are deployed successfully, where applicable.
Bachelor’s degree in computer science or relevant field or equivalent demonstrable experience
5+ years of experience in the security field, especially around security assessments or audit
Must have a strong technical background, with prior hands-on experience a plus
Must have demonstrable experience and strong understanding of technologies in one or more of the following areas: advanced authentication technologies, cloud security, mobile app development and security, SAML, switching and routing, network and end point security technologies (e.g. anti-malware, end point encryption, DLP, end point intelligence), encryption and encryption key management, database and application monitoring, networking, system hardening, Active Directory, Linux, etc.
Ability, drive and motivation to research and provide the right guidance and find possible solutions
Ability to push back where the risk outweighs the benefits
Curiosity to ask questions and challenge the status quo
Solid leadership skills
Excellent verbal and written communication skills.
Problem solving and analytical skills
Process driven, with an eye for detail, automation, and efficiency to improve programs / processes
Good collaboration, relationship and interpersonal skills
CISSP highly desired; CISA, CISM, PCI QSA or comparable certifications preferred but not required