Information Security Consultant
The Experian Global Security Office (EGSO) Information Security Consultant provides consulting and assurance services to business. There are two major aspects to this position: (1) providing consulting services to businesses as they engage GSO for guidance on new projects, development or technology deployments / enhancements, and (2) providing security assurance assessment services for existing or new environments. The position requires a strong ability to interface with technical and business experts and articulate the risk in business terms. The position requires the individual to quickly understand the business environment, critical products and processes, and internal and external standards and regulations, and to build excellent relationships across Experian globally.
The Information Security Consultant is responsible for, but not limited to, the following:
- Perform security assessments for new projects. This includes but is not limited to new application development projects, data center builds and any other new technology or infrastructure builds/enhancements.
- Work with senior stakeholders, SMEs and project management to ensure security requirements are understood and implemented as part of the project lifecycle. The responsibilities also include staying with the project through the cycle (from inception to product implementation) and validating the implementation, as needed.
- Partner with businesses and technology to research and provide security guidance for projects involving new technologies or concepts (e.g. moving a core application to cloud, developing a mobile application, new authentication technology, encryption techniques or technologies, etc.).
- Perform periodic security assessments for existing environments - this includes but is not limited to applications, systems/servers, network infrastructure, databases and other technologies and processes.
- Perform deep dive security assessments for existing applications, technology or processes. This is done by walking through the processes to see how each control is implemented and obtaining evidence as desired.
- The position requires on-going partnership (vs. one time guidance) to build environments and deploy technologies in a secure manner and mitigate risks beforehand - truly positioning security as an enabler of business.
- Work with businesses and technology teams to capture non-compliance, ensuring justification and mitigating controls are appropriately captured.
- Work with program specialist team to develop and deploy a process to perform assessments and deliver formal assessment reports to business. This also includes working with the businesses to formally capture gaps and remedial actions within the GRC system.
- Develop KPIs and prepare reporting metrics for the InfoSec consulting function and progress on enhancement initiatives.
- Escalate risks and details to business partners and Regional Information Security Officers (RISOs) as they appear.
- Perform pre- and post-acquisition assessments, develop formal reports and present risks to business stakeholders.
- Identify information security deficiencies or risks to appropriate parties as soon as possible. Work with RISOs and other GSO governance functions to assist and/or drive remediation activities in order to mitigate security deficiencies identified through client and other regulatory audits/assessments.
Qualified applicants for the Information Security Consultant position will meet the minimum requirements stated below:
- Bachelor's degree in computer science or a relevant field, or equivalent demonstrable experience
- 5+ years of experience in the security field, especially around security assessments or audit
- Must have a strong technical background; prior hands-on experience is a plus
- Must have demonstrable experience and strong understanding of technologies in three or more of the following areas: advanced authentication technologies, Cloud security, mobile app development and security, SAML, switching and routing, network and end point security technologies, encryption and encryption key management, database and application monitoring, networking, system hardening.
- Ability, drive and motivation to research, provide the right guidance and find possible solutions. Ability to push back where the risk outweighs the benefits
- Curiosity to ask questions and challenge the status quo
- Strong leadership skills.
- Excellent verbal and written communication skills.
- Problem Solving & Analysis.
- Process driven, with an eye for detail, automation and efficiency to improve programs/processes.
- Good collaboration, relationship and interpersonal skills.
- Must have CISA, CISM or CISSP or comparable certifications