This job posting isn't available in all website languages
Experian Careers Job Search

Information Security Consultant

Legal & Compliance
192426 Requisition #

Experian is the power behind the data. As the leading holder of consumer and business credit data, we’re transforming data into solutions that advance industries, move companies forward and improve the lives of millions of consumers around the world. In 2018, we were named by Forbes magazine as one of the “World’s Most Innovative Companies". 

Experian’s Global Security Office's vision is to protect, connect and create its business in a secure and resilient manner. Information Security is responsible for protecting information by the design and implementation of solutions and ensuring appropriate oversight.

We are growing and looking to hire Information Security Consultants for our Global Security Office (GSO) Information Security Risk Management (ISRM) team. The GSO sets and ensures that the Information Security policy and standards are implemented across Experian.

The Global Security Office Information Security Consultant provides consulting and assurance services to business. 

There are two major aspects to this position:

(1) Providing consulting services to business as businesses engage GSO to provide guidance with respect to new projects or development or technology deployments / enhancements. 

(2) Providing security assurance assessments services for existing or new environments. The position requires a strong ability to interface with technical and business experts and articulate the risk in business terms. The position requires the individual to quickly understand the business environment, critical products and processes, internal and external standards and regulations and building excellent relationships across Experian globally.

The Information Security Consultant is responsible for, but not limited to, the following:

  • Perform periodic security assessment for existing environments – including but not limited to applications, systems/servers, network infrastructure, databases and other technologies and processes.
  • Perform deep dive security assessments for existing applications, technology or processes.
  • Work with program specialist team to develop and deploy a process to perform assessments and deliver formal assessment reports to business. This also includes working with the businesses to formally capture gaps and remedial actions within the GRC system.
  • Perform security assessments for new projects – such as new application development projects, data center build, network enhancements, or any other new technology or infrastructure build/enhancements.
  • Work with program specialist and other functions (e.g. PMO) to develop and deploy process to ensure projects are assessed from the beginning and requirements are delivered.
  • Work with businesses, SMEs and project management to ensure security requirements are understood and implemented as part of the project lifecycle. The responsibilities also include staying with the project through the cycle (from inception to product implementation) and validating the implementation, as needed.
  • Partner with businesses and technology to research and provide security guidance for strategic projects involving new technologies or concepts (e.g. moving a core application to cloud, or developing mobile application, new authentication technology, encryption techniques or technologies, etc.). The position requires on-going partnership (vs. one-time guidance) to build environments and deploy technologies in a secure manner and mitigating risks beforehand – truly positioning security as an enabler of business.
  • Escalate risks and details to business partners and Regional Information Security Officers (RISOs) as they appear.
  • Perform pre- and post-acquisition assessments, develop formal reports and present risks to business partners and RISOs.
  • Under the guidance of RISOs, work with businesses and technology teams to capture exception requests and information and ensure non-compliance issues, exception justification, mitigation controls and risks are appropriately captured. Escalate issues as needed.
  • Work with RISOs, Client Support team as needed to provide sales support when articulating Experian security posture to clients in presentations or when completing RFP/RFI documentation.
  • Identify information security deficiencies or risks to appropriate parties as soon as possible. Work with RISOs and other GSOs governance functions - assist and/or drive remediation activities in order to mitigate security deficiencies as identified through client and other regulatory audits/assessments.
  • Develop KPIs and prepare reporting metrics for InfoSec consulting function and progress on enhancement initiatives.
  • Partner and work with GSO teams to ensure GSO programs are deployed successfully, where applicable.
  • Train and guide junior team members to help them grow and provide constructive feedback to team members and superiors.
  • Bachelor’s degree in computer science or relevant field or equivalent demonstrable experience.
  • 10+ years of experience in security field specially around security assessments or audit field.
  • CISSP required.
  • CISA, CISM, PCI QSA or comparable certifications preferred but not required.
  • Must have a strong technical background, with prior hands-on experience a plus.
  • Must have demonstrable experience and strong understanding of technologies in one or more of the following areas: advanced authentication technologies, cloud security, mobile app development and security, SAML, switching and routing, network and end point security technologies (e.g. AV, FireEye, end point encryption, endpoint and network DLP, cloud app security, end point intelligence), encryption and encryption key management, database and application monitoring, networking, system hardening, Active Directory, Linux, etc.)
  • Ability, drive, motivation to research and provide the right guidance and find possible solutions. Ability to push back where the risks outweigh the benefits.
  • Curiosity to ask questions and challenge status quo.
  • Strong leadership skills.
  • Excellent verbal and written communication skills.
  • Problem solving & analysis (critical thinking).
  • Process driven, and has eye for detail, automation and efficiency to improve programs/processes.
  • Good collaboration, relationship and interpersonal skills.

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions

Similar Listings

Costa Mesa, California, United States

📁 Legal & Compliance

Privacy Policy  |  Online Community  |  Press  |  Investor Relations