Information Security Control Issue Specialist (BB-697C5)
Found on: Neuvoo CR
Experian is seeking a Control Issue Specialist to join its Information Security Governance and Control Assurance team. The Information Security Governance and Control Assurance team is the principal advocate for information security across the Enterprise and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the organization.
The Control Issue Specialist will contribute to the team’s goal of executing a risk-based approach to security assurance and program governance by ensuring identified deficiencies and potential risks to the organization are recorded appropriately.
Additional responsibilities include but are not limited to:
Document issues and deficiencies identified through the governance, risk and controls process (i.e. control self-assessments and attestation, continuous control monitoring and control testing) to ensure corrective actions agreed with control owners are documented and managed in the Archer GRC platform.
Review identified issues and assign appropriate risk categories as defined by the established risk management process.
Leverage defined issue categories to determine appropriate workflow, ownership and levels of approval.
Engage relevant stakeholders to document approvals for exceptions if a corrective action/plan is not viable per issue owner.
Follow the standardized issues management process and workflow to ensure documented issues and deficiencies are monitored, reported, escalated (as needed) and managed to closure.
Create issues and risk reports across Business Units and functional groups as input for monthly Regional Risk Committee meetings.
Qualified applicants must meet the minimum requirements below:
5+ years’ experience performing IT/Information Security control assessments.
Bachelor’s degree in management information systems or relevant field or equivalent demonstrable experience.
Strong knowledge of information security frameworks such as ISO 27001, NIST CSF, PCI, and HIPAA.
CISA, CISM, ISO 27001 Lead Auditor or comparable certifications preferred.
Experience with security control design, implementation and evaluation.
Strong verbal and written communication skills, process driven, detail oriented and ability to articulate risks and findings to senior management.
Good collaboration and interpersonal skills, self-motivated, willingness to take on challenges and adapt to change.
Experience with GRC tools, such as Archer, preferred.
Posted: 8 hours ago
Location: Heredia, Costa Rica