Onward Search is unable to support 1099 / Corp-to-Corp or Independent Contractor arrangements at this time. All contractors will be paid as W2 employees.
Senior Security Control Analyst
Role Description:
This role is a senior member of the Cybersecurity Risk and Controls team. This role will support the identification, documentation, and formalization of security controls across the Enterprise to meet the cybersecurity and risk requirements set by Experian. The Senior Control Analyst will contribute to the team’s goals of ensuring a sound security posture by assessing the risk-based design of security controls and maturity of security capabilities.
Responsibilities:
- Contribute to the maintenance and update of the integrated risk and controls framework based on information security policies and industry best practices and standards
- Provide peer review of control activities populated by control owners to ensure they align with requirements outlined in control standards and objectives
- Identify, document, and report control procedure gaps and provide recommendations for remediation
- Assist in the planning and performance of information security maturity assessments on Experian’s cybersecurity capabilities based on agreed-upon industry framework(s).
- Contribute content for management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments.
- Develop content for implementation workshops with control owners across the Enterprise
- Ensure information security controls are aligned and mapped to applicable risks (risk types and risk register entries) in Archer GRC platform
- Monitor and stay abreast of internal and external risk indicators for impacts and potential disruptions to the organization and mission. Provide these risk indicators as inputs to control assurance and other EGSO activities.
- Independently offer ideas and/or professional expertise in ways that are unique or innovative to enhance the risk-based approach to improving security posture
- Follow an established assessment methodology to facilitate the completion of control self-attestation by business and technology teams
Knowledge/Skills/Abilities/Qualifications:
- Knowledge of cybersecurity principles and organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
- Knowledge of information security frameworks such as ISO 27001/2, NIST CSF, PCI DSS, and HIPAA.
- Knowledge of information security risk management/analysis frameworks such as Open FAIR, NIST 800-37, NIST 800-39
- Knowledge of governance, risk, and controls principles
- Skills in security control design, implementation, and evaluation
- Strong verbal and written communication skills; process-driven and detail-oriented, with the ability to articulate risks and findings.
- Good collaboration and interpersonal skills; self-motivated, willing to take on challenges, and adaptable to change.
- Skilled in preparing plans, related correspondence, and impact/risk assessments.
- Skilled in managing relationships, managing expectations, and demonstrating commitment to delivering quality results
- Ability to apply critical reading/thinking skills and facilitate small group meetings.
Qualifications
- Bachelor’s degree in computer science, management information systems or relevant field or equivalent demonstrable experience.
- Preferred Certifications: CISA, CISM, CRISC, CISSP, PCI QSA, ISO 27001 Lead Auditor, or comparable certifications.
Experience
- 3+ years’ experience performing IT Audit or Information Security control assessments
- Experience with GRC tools, such as Archer.