Senior Information Security Controls Assessor

About us, but we'll be brief

Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses, and society.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money.

We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. Also, for the last five years we've been named in the 100 "World's Most Innovative Companies" by Forbes Magazine. Experian prioritizes our culture and look to bring people to the team who are passionate about their jobs, who are easy to work with, and who continue to value team over self.

We have 23,000 people operating across 44 countries and every day we're investing in new technologies, experienced people, and new ideas to help all our clients maximize every opportunity.

As a Senior Control Assurance Assessor, you'll test security controls both on-premise and in the cloud to ensure design implementation, safeguarding Experian's assets. You'll assess control design, performance, and compliance with standards and regulations, reporting to the Information Security Control Assurance Testing Manager. Identifying gaps, documenting findings, and recommending improvements to mitigate risks are important responsibilities. Using data-driven testing techniques and a defined methodology, you'll collaborate to ensure controls meet current risks and regulatory requirements.

Primary Responsibilities

• Conduct security control assessments, using documented control activities (where they exist) and regulatory requirements.
• Develop test plans, test cases, and procedures, applying data from security tools to capture evidence.
• Use queries and dashboards to identify potential control failures as part of the control testing process.
• Ensure the accuracy and timely completion of control testing, providing peer review.
• Document findings, including root cause analysis and applicable recommendations for remediation.
• Be the primary liaison with partners, delivering clear progress updates and results.
• Contribute lessons learned by integrating partner feedback to improve the control testing program.

What your background is

• A bachelor's degree in computer science, management information systems, or a relevant field, or equivalent demonstrable experience.
• 5+ years' of experience in Information Security or Information Technology
• 3+ years' experience performing IT Audit or security control testing.
• Knowledge of internal audit methodologies, including risk assessment, execution, and reporting.
• Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and breach notification laws.
• Experience with sector-specific frameworks (e.g., HIPAA, PCI).

Technical Skills

• Proficiency with security tools (SailPoint, Rapid7, Wiz.io, MS Defender, SIEM, vulnerability management, penetration testing).
• Knowledge of cloud technologies (AWS, Azure).
• Experience using generative AI (e.g., ChatGPT) for test strategies, reports, and communications.
• Skills in automation and analytics tools (Excel, Tableau, Alteryx, or PowerBI).
• Create queries and reports in RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

Desired Competencies

• Understanding of cybersecurity principles and organizational requirements.
• Experience applying governance, risk, and control principles.
• Experience in automated and manual testing of security controls.
• Experience facilitating meetings and conveying complex ideas.
• Data collection, validation, analysis, and interpretation.
• Experience Researching and applying latest technologies.
• Experience with Agile methodology.
• Big 4 accounting experience.
• Hold a professional certification such as CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent.

This is a permanent hybrid role in Costa Rica. No relocation available.

Culture at Experian

Our uniqueness is that we value yours.

Experian's culture, people, and environments are main differentiators. We take our people's agenda very seriously. We focus on what matters; diversity and inclusion, work/life balance, flexible work, development, engagement, collaboration, wellness, rewards & recognitions, volunteering... the list goes on!

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

#LI-Hybrid

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a successful, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is necessary to our purpose of creating a better tomorrow. For us, this is The Power of YOU and it ensures that we live what we believe.