Information Security Regulatory Governance Specialist US Remote Full-time Employee Status: Regular Role Type: Hybrid Job Posting – Salary Range: $107,024 – $192,644 Department: Legal & Compliance Flexible Time Off: 20 Days Schedule: Full Time Shift: Day Shift About us, but we’ll be brief Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for . In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine . Experian Global Security Office (EGSO) provides a full suite of information security services from engineering to security risk management, policy, metrics, and identity management. Its vision is to protect, connect and create its business in a secure and resilient manner. The Information Security Governance team is the principal advocate for information security and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the organization. As an Information Security Regulatory Governance Specialist, you will join a talented and experienced information security team and help to define the security posture of a top global company. This is an enterprise-wide program that assesses cyber security practices at Experian against information security regulation. This role will serve as a subject matter expert for information security regulation for senior leadership and other stakeholders. To thrive in this role, you must be detail oriented, able to distil complex security concepts down to a simple level and work with people from all levels of the business. Review the impact of new regulation and delivering assessments including evidence gathering and compliance assessments. Work with Legal, Compliance, Control Assurance, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice. Work with stakeholders to build plans of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner. Identify, document, and report control deficiencies and associated recommendations for improvement. Develop and communicate reports to describe regulatory risk and associated remediation action. Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions. Support the alignment of the policies and standards to both regulations and best practice. Review and challenge first line business units’ programs to support compliance with policies, standards, and regulations. Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results. Participate in key and strategic initiatives representing the Information Security Governance team and providing subject matter expertise in the regulatory space. At least 8-12 years of experience in one or more of the following areas: Information Security, Technology Governance, Technology Audit, Information Technology Compliance. 8+ years of experience of information security regulations with a focus in financial services preferred, such as NYDFS, CFPB and GLBA. Detailed knowledge of respective industry best practices (e.g., NIST, ISO, CMMI) and broad knowledge of cybersecurity technologies Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches. Knowledge of current industry trends in information security regulatory. Excellent written and verbal communication skills with the confidence to effectively tailor communication of technically complex issues for both technical and non-technical audiences and stakeholders at every level of the organization. Process driven with an eye for detail. Able to be a subject matter expert on information risk management, regulation, policies, and standards. Hands-on experience with GRC tools such as ServiceNow and RSA Archer is preferred. Candidates with professional information security certifications such as CISSP, CISM, CISA would be a good fit for this role. Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more. #J-18808-Ljbffr
ISO standards Finance Verbal communication ServiceNow standards Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Information security risk management Identity Management metrics Written communication skills Legal Engineering cmmi