Senior IT Security Controls Assurance Analyst
Experian
$0-$0 / yr
Salary
costa rica
Region
ASAP
Start Date
About Experian
Experian is a global data and technology company, powering opportunities for people and businesses around the world. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more. Experian invests in people and new advanced technologies to unlock the power of data. We have an amazing team of 25,200 people in 32 countries.
About this Role.
As a Senior Control Assurance Assessor, you will be part of a team responsible for evaluating and testing the effectiveness of security controls both on-premise and in the cloud, to ensure they are robustly designed and effectively implemented to safeguard Experian's assets. You will conduct assurance activities to assess control design, performance, and compliance with industry standards and regulatory requirements.
You will identify control gaps, documenting findings, and providing recommendations for improvements to mitigate risks. You will be required to leverage data-driven testing techniques and follow a defined testing methodology, collaborating with stakeholders to ensure that controls are fit for purpose, in response to emerging risks and regulatory changes.
Responsibilities:
Conduct security control assessments, using documented control activities (where they exist) and regulatory requirements.
Develop and execute test plans, test cases, and procedures, using data from security tools to capture evidence.
Use queries and dashboards to identify potential control failures as part of the control testing process.
Ensure the accuracy and timely completion of control testing, providing peer review if necessary.
Document findings, including root cause analysis and applicable recommendations for remediation.
Be the primary liaison with business stakeholders, delivering clear progress updates and results.
Contribute lessons learned by integrating partner feedback to improve the control testing program.
Bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
Advanced English proficiency.
3+ years' experience performing IT Audit or security control testing.
5+ years' of experience in Information Security or Information Technology.
Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains.