Information Security Expert, Client Security Assurance

Job Description: • Lead client audits (onsite/virtual) including presentation of evidence, explanation of controls, planning and execution of pre and post audit activities (coordinate needed remediation, etc.). • Support commercial teams to present Experian's security controls and risk posture to clients through Requests for Information / Requests for Proposal and/or pre-sales consultancy. • Review contractual security clauses & deliverables under contractual agreements to ensure Experian does not exceed risk tolerance or be put in a position where it fails in its ability to meet client requirements. • Take the lead on articulating Experian's security posture to justify any changes with clients. • Analyze audit results and post audit reports and follow up on security items. • Conduct gap analysis and articulate contractual risks to internal stakeholders to enable risk-informed contractual decisions. • Maintain current and up-to-date evidence repository. • Provide accurate, valid, and appropriate responses in a timely manner to security questionnaires and ad-hoc inquiries sent by prospective and existing clients and business partners. • Provide SME consultancy to Business Units on Experian information security governance and risk management framework in the context of the above. • Maintain client-facing security documentation ensuring its continued relevance and accuracy. • Collaborate with global team members across regions to ensure consistent experiences for clients around the world, and act as a mentor to junior members in sharing knowledges and experiences. Requirements: • At least 8 years of experience working in an enterprise IT environment with at least 5 of those years executing internal or external audits. • Project management skills. • Experience leading different cyber security audits of varying complexity. • Hands-on experience auditing cloud environments and tactically implementing cloud controls (AWS, GC, Azure, etc.). • Experience reviewing, redlining and negotiating security terms in contracts (SOW, STAC, etc.). • Experience with cloud-native tools such as AWS Security Hub, Azure Security Center, or other 3rd party tools to assess the security posture of cloud environment against industry benchmarks (such as NIST 800-53, CIS, MITTRE ATT&CK, CSA CSM, ISO27002, etc.). • Professional security certification such as CCSP/CCSK/CISSP/CISM/CISA/ISO27001LA or other equivalent, or willingness to pursue other relevant accreditations (company supported). Benefits: • Great compensation package and bonus plan. • Core benefits including medical, dental, vision, and matching 401K. • Flexible work environment, ability to work remote, hybrid or in-office. • Flexible time off including volunteer time off, vacation, sick and 12-paid holidays. Apply tot his job