Security Standards Compliance Specialist - 100% US REMOTE

Allen, TX, United States

Applications have closed

Experian

Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.

View company page

Company Description

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine

Job Description

The primary responsibility of the Sec Standards Compliance team would be to establish and manage specific security standards’ compliance (such PCI, HIPAA, ISO 27002, SOC 2, etc.) more as a well-rounded programme vs. annual project activities. The team will be required to have a strong interface with technical and business experts and articulate audit needs, processes and drive remediation. This is achieved by quickly understanding the business environment, critical products and processes, internal and external standards and regulations and building excellent relationships across Experian Globally. This position is a part of the Global Security Office (GSO). The GSO sets and ensures that the Information Security policy and standards are implemented across Experian.  

 

The InfoSec Standards Compliance Specialist is responsible for, but not limited to, the following: 

  • Establish and managed specific standards’ compliance (such PCI, HIPAA, ISO 27002, SOC 2, FISMA/FedRAMP etc.) more as a well-rounded program vs. annual project activities. The elements of the program include many of the traits listed below.  

  • Facilitate aforementioned attestations, audits and certification efforts for the businesses and technology.  Partner with client support functions to coordinate and schedule timescales and teams.  

  • Contribute to the management of overall program and owner of specified workstreams with full accountability for successful delivery 

  • Working closely with other stakeholders to establish the program and workstream governance framework and ensuring adherence to those standards thereafter 

  • Establishing, documenting, maintaining and communicating project scope, milestone/detailed plans, risks and issues and then proactively using as a basis for all discussions across the program to ensure full alignment 

  • Proactively engaging with key stakeholders and providing facilitation to allow full engagement and participation across the program. 

  • Providing meaningful status reports at program level and closely collaborating with workstream owners to deliver workstream level reporting 

  • Manages relationships with key regulatory and industry assessment vendors. 

  • Works alongside policy and standards team to incorporate changes into the enterprise policy document based on compliance assessment results. 

  • Develop metrics and reporting to demonstrate standards compliance status. 

  • Communicate the standards compliance posture and effectiveness to Management on a scheduled basis. 

  • Follow up on deficiencies identified in reviews and external audits to ensure appropriate remediation measures have been achieved timely. Track mitigation steps and ensure that risks are managed appropriately and in a timely manner. 

  • Manages a complex group of projects as it relates to post audit or ready assessment activities.  

  • Manages timelines, resources, project plans, action item logs, status reports and statistics to ensure milestones, goals and commitments are met. 

  • Actively contribute to a culture where the fair treatment of customers is at the heart of the Experian business.  Take personal responsibility to ensure that you adhere to all regulatory requirements and apply appropriate controls in the interests of our customers. 

 

Qualifications

  • Bachelor’s degree in computer science or relevant field or equivalent demonstrable experience. 
  • Experience in the information security standards area. 

  • Requires subject matter expert knowledge of the specific security standards such as PCI, HIPAA, SOC, ISO 27001/2, FISMA/FedRAMP, GLBA, NIST, FCA, FCRA, CFPB, UK data protection act, etc. 

  • Prior experience of managing these or similar compliance programs and managing engagement reviews (from scheduling to completion) is a must requirement. 

  • Demonstrated success in leading, controlling, & completing IT projects. 

  • Prior audit experience in any of the above areas a significant plus. 

  • Proven ability to combine business acumen, technical acumen and process expertise to define control requirements for  SOC 1 & SOC 2, HIPAA, PCI, ISO 27002, FISMA, FedRamp.  

  • Proven ability to influence & gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management 

  • Strong subject matter expertise in computer operations required; (e.g. In-depth knowledge of Windows/Unix operating systems, authentication methods, firewalls, routers, web services, etc.). 

  • Effective negotiating and problem solving skills. 

  • Strong leadership skills. 

  • Excellent communication; verbal, written, documentation and presenting to board level. 

  • Highly organized with strong prioritization skills; creating and managing documents and information for yourself and others should be 2nd nature 

  • Process driven, and has eye for detail, automation and efficiency to improve programs/processes. 

  • Good collaboration, relationship and interpersonal skills. 

  • Solid understanding of key network and technical security controls. 

  • Experience working with or utilizing the RSA Archer eGRC application a plus. 

  • Knowledge and qualification in formal Project Management methodologies is desirable, eg. ISEB, Prince 2 

  • CISA, CISM, CISSP, PCI QSA or comparable certifications preferred but not required 

 

 

Additional Information

Our uniqueness is that we truly value yours.

Experian's culture, people and environments are key differentiators. We take our people agenda very seriously. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on

We’re an award-winning organization due to our strong people focus

Experian isn't just growing, we're leveraging cutting edge data science, design thinking and passion to build tomorrow's credit solutions. Innovation is a critical part of Experian's DNA and culture

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above.  Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education.  This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

 

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and and it reflects what we believe.  See our DEI work in action!

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Audits Automation CISA CISM CISSP Compliance Computer Science FedRAMP Firewalls FISMA GLBA Governance HIPAA ISO 27001 ISO 27002 NIST PCI QSA RSA SOC SOC 1 SOC 2 UNIX Windows

Perks/benefits: 401(k) matching Career development Equity Flex hours Flex vacation Health care Insurance Parental leave Team events Wellness

Regions: Remote/Anywhere Europe North America
Job stats:  11  2  0
Category: Compliance Jobs

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.