Information Security Control Assurance Senior Manager

Company Description

Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses, and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. Also, for the last five years we've been named in the 100 "World's Most Innovative Companies" by Forbes Magazine. Experian prioritizes our culture and look to bring people to the team who are passionate about their jobs, who are easy to work with, and who continue to value team over self.We have 23,000 people operating across 44 countries and every day we're investing in new technologies, experienced people, and new ideas to help all our clients maximize every opportunity.

Job Description

As an Information Security Control Assurance Manager, you will lead a team evaluating security controls for both on-premise and cloud processes to mitigate risks and ensure compliance with regulatory standards. Reporting to the Global Head of Information Security, you will direct the team in testing security controls to verify their design, implementation, and operational effectiveness. Working in an Agile environment, you will ensure the quality of security assessments through testing, automation, and collaboration with various teams and partners.

Summary of Primary Responsibilities

• Oversee the information security control testing program, collaborating across regions.
• Manage a team of testers to assess information systems per corporate security standards.
• Design repeatable testing methodologies, including automation for cloud environments.
• Plan control tests with risk identification, sampling, control selection, testing methods, and reporting criteria.
• Manage teams in testing the design and effectiveness of security controls, including fieldwork and reporting.
• Ensure quality assurance for control testing documentation.
• Compile management reports and presentations on risks, controls, and deficiencies.
• Be the primary contact for control tests, ensuring quality engagements and partner communications.
• Improve the efficiency of the control testing program by standardizing indicators and testing materials.

Qualifications

What your background is

• Bachelor's degree in computer science, management information systems, or equivalent experience.
• 3+ years managing IT auditors or Information Security control assessors.
• 12+ years in IT Audit or Information Security control assessments, including cloud security controls.
• Professional certifications like CISA, CISM, CISSP, ISO 27001 Lead Auditor.
• Knowledge of standards like NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
• Experience with automated and manual methods for evaluating security controls on-premise and in cloud environments.
• Communicate complex information.
• Use partner feedback to improve processes.

Technical Skills

• Knowledge of security tools like Sailpoint, Rapid7, Wiz.io, MS Defender.
• Experience with cloud security in AWS and Azure.
• Automation, data-driven testing techniques, and generative AI for control assurance.
• Create queries and reports using RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

Desired Competencies

• Big 4 consultant experience.
• Knowledge of cybersecurity principles: integrity, availability, authentication, non-repudiation.
• Mentor junior team members, encouraging continuous improvement.
• Security reporting to senior management on posture, control effectiveness, risks.
• Apply security governance, risk, and control principles.
• Proficiency in automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI).
• Agile working methodology experience.

Additional Information

This is a permanent home-based role in Costa Rica. No relocation available.

Culture at Experian

Our uniqueness is that we value yours. Experian's culture, people, and environments are main differentiators. We take our people's agenda very seriously. We fo