Overview


Título del trabajo: Lead Security Partner

Compañía: Experian

Descripción de funciones: Company DescriptionExperian is the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximize every opportunity.Job DescriptionExperian is in search of a Lead Security Partner who will play a pivotal role in the organization’s information security landscape. As a lead, you will serve as a trusted advisor to the functional leaders within the assigned business unit (BU). Your mission: to bridge the gap between strategic priorities and security risks, ensuring that the BU operates securely and efficiently.In this influential position, you will engage with the BU’s senior leadership team, gaining insights into their strategic goals and challenges. Your expertise will guide discussions on security matters, emphasizing the importance of safeguarding Experian’s assets. But your impact extends beyond the BU—you are the BU’s advocate within Experian’s Global Security Office (EGSO), ensuring that security decisions align with the BU’s unique context and needs.The successful candidate will blend deep industry and technical knowledge with business acumen. Your leadership, confidence, and communication skills will shine as you operate with autonomy, relying on influence rather than formal authority. You’ll be a beacon of thought leadership, providing clear direction in complex situations and crafting innovative solutions to a wide range of information security challenges.Key Responsibilities

  • Lead and strategize project security assessments (PSA) for new enterprise development and significant changes. Direct the continual submission, review, and decisions related to business unit-critical issues and exceptions to any security control. Ensure quality assurance efforts for routine PSAs.
  • Develop a comprehensive understanding of all BU information security risks. Predict the needs for risk assessment, review, adjustment or escalation of risk rating, and any other demands within the risk lifecycle. Guide related efforts.
  • Establish executive relationships and act as a trusted advisor to the BU’s management team. Integrate into the BU project planning process to ensure that appropriate levels of security oversight exist.
  • Direct, consult, collaborate, and lead as needed to integrate security with business unit goals and initiatives.
  • Represent the BU by sharing its specific threats, requirements, and insights with the EGSO Leadership, other SPs, and members of the Information Technology (EITS) and security organization. Champion resource discussions based on the specific needs, risks, and priorities of that BU.
  • Provide strategic thought leadership to support BU-level decision-making, product development, system implementations, and the change management associated with the adoption of new security processes and procedures.
  • Maintain an on-going partnership to build environments and deploy technologies in a secure manner and mitigating risks beforehand – positioning security as an enabler of business.
  • Analyze information security trends internal and external to the business and keep business-facing leadership informed about information security-related risks and incidents. Provide strategic direction for appropriate response (Threat Informed Defense Approach).
  • Promote corporate cybersecurity awareness activities and support the implementation of security awareness concepts locally, as needed, to suit the business unit.
  • Design and review security metrics to measure security effectiveness at the business unit and corporate level. Drive the execution of security partner team metrics (e.g., request volumes, SLA adherence, QA-KPIs, etc.).
  • Communicate risk to BU leadership in relation to BU-specific goals, initiatives, and changes (people, process, technology).
  • Interpret how business unit-specific risks factor into firmwide risks at senior-level, e.g., Regional Management Committees (RMC), NA Security Review, and Security and Continuity Steering Committee (SCSC).
  • Lead continuous improvements related to the monitoring and measuring of policies, processes, and controls that support compliance with industry and regionally specific mandates, laws, and regulations specific to assigned business unit.
  • Collaborate with other governance functions on educating BU leadership on prospective changes to relevant mandates, laws, and regulations. Identify any gaps that may exist and lead remediation efforts.
  • Identify and communicate any business unit-specific requirements that may exist due to geography, region, data, vertical, etc., and how those differ from or overlap with firmwide or departmental mandates.
  • Oversee the completion of internal and external security assessments for the business unit.
  • Identify opportunities for process improvements to drive efficiencies and to evolve the team’s capabilities. Lead tiger teams-department working groups that target strategic improvement initiatives.

Qualifications

Physician Assistant - Emergency Medicine - Good Samaritan Hospital
  • Bachelor’s Degree in a relevant major or equivalent experience in security, risk, audit, compliance, and management.
  • 12+ years of experience in an IT-security field with strong demonstrable evidence of a technical background or security risk assessments – audit field.
  • Relationship management, team building, and facilitation.
  • Presentation, data analysis and problem-solving skills.
  • Interpretation and application of security policies, standards, and procedures.
  • Ability, drive and motivation to research and provide the right guidance and find possible solutions. Ability to push back where the risk outweighs the benefits.
  • Adaptive communication skills; can speak to audiences at varying corporate altitudes and business functions.
  • Ability to Influence based on knowledge-experience to align key initiatives with stakeholders.
  • Curiosity to ask questions and challenge status quo.
  • Preferred certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP).

Knowledge

  • Foundational knowledge of major security domains including application security, vulnerability management, incident response, cloud security, etc.
  • Information technology-related frameworks, such as International Standards Organization (ISO) 27001 series, NIST series, Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technologies (COBIT).
  • Overall understanding of privacy-related regulations, such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), and regional breach notification laws.
  • Basic knowledge of vertical-specific frameworks and regulations is a plus, e.g., FedRAMP, FFIEC, HIPAA, and PCI.
  • Risk analysis, assessment, treatment, and management methodologies.
  • Familiarity with agile methodologies for application-software development.

Additional InformationThis is a permanent home-based role in Costa Rica. No relocation available.Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work, Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Ubicación: Heredia

Fecha del trabajo: Thu, 27 Jun 2024 22:46:55 GMT