Governance Risk Compliance (GRC) Policy Specialist

Heredia, Costa Rica

Applications have closed

Experian

Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.

Company Description

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine. With a focus on our employees, we have been certified for the third time as Great Place To Work (GPTW). Experian Consumer Information Services is redefining the way our clients do business within all aspects of the customer credit lifecycle. Fueled by best-in-class data and innovative technology we help businesses make smarter decisions, identify consumers, make decisions on loans, market to prospects and collect.

Job Description

Experian Employer Services (EES) is seeking a dynamic professional to join its Data & Enablement team as a Governance Risk Compliance (GRC) Policy Specialist. This new position will be instrumental in evaluating the existing processes of acquired companies providing Employer Services for improvement opportunities, while helping drive technology to adhere to policies and compliance objectives. We seek a candidate eager to join a start-up atmosphere, someone who can adapt readily, instill confidence in internal and external partners and drive results. Comfort with ambiguity and a high aptitude for adaptability are necessary.

As the ideal candidate, you’ll need to be able to ingest policies and track compliance in a fast-paced, collaborative environment, and have a strong drive for accomplishment. You must be comfortable prioritizing simultaneous requests in a professional manner and able to communicate technical concepts effectively and precisely, both verbally and in writing, to a diverse team of internal and external partners. The ability to note gaps in policy and raise issues before they turn into problems is critical. Strong organization, time management, problem solving, and communication skills are essential. The ideal candidate also brings creative and strategic solutions to the table to help solve complex problems and is someone who acts as a change agent to evolve processes and challenge current thinking.

This role is team-oriented, as you will be working collaboratively with cross-functional stakeholders to ingest, comprehend, disseminate and train on new and existing policies related to application programming, infrastructure, information security compliance, risk assessment, client support, data protection and privacy. You should be excited to partner with a broad array of internal stakeholders including other members of our world-class Security, Software Engineering, Product, Sales, Legal, Compliance, and Marketing teams.

Key Responsibilities: 

  • Assist with assessing controls, and identifying gaps for remediation to meet policy objectives 
  • Lead a cross-functional project to investigate current and potential policies, evaluating gap analyses and evidence for possible inconsistencies, deficiencies or policy deviations
  • Contribute to compliance program requirements throughout the division such as SOC 2, SIG
  • Create client-facing information security related documentation or policies 
  • Assist with the Information Security policy refresh schedule
  • Work with and learn from teams across technical security, security operations, legal, infrastructure, marketing, risk, compliance, etc.
  • Assist with tracking and remediating control gaps 
  • Drive efforts to ensure consistency of controls across the business unit 
  • Assist in identifying potential risks that might negatively affect the business or security of data 
  • Act as a liaison between different clients, stakeholders, and business owners to ensure accurate policy and control information is being documented 
  • Develop and apply a comprehensive understanding of operational processes and business strategies. 
  • Strong collaboration and self-management skills. 
  • Build relationships with key stakeholders across the organization to ensure their buy-in for policies, compliance and improvement opportunities.
  • Demonstrate subject matter expertise across the organization by exuding deep knowledge to drive collaboration with internal stakeholders as well as clients and partners. 
  • Mentor teammates on processes, best practices, prioritization, and issue resolution as per Experian policies, standards, and technical service baselines.
  • Flexibility to be a utility player where needed as this business evolves.
  • Respond to client risk assessments, report status, and escalate as needed for each assessment. 
  • Determine if responses to auditors and assessors accurately represent risk. 
  • Work with business partners to streamline data collection process. 
  • Ensure documentation provided to clients and regulators is current. 
  • Assist with coordination and negotiation of internal and external audits to minimize business disruption. 
  • Support development of security processes and procedures to ensure that security controls are managed and maintained. 
  • Other duties as requested

Qualifications

  • 1-3 years previous experience in policy, Information Security Consulting, vendor management, audit, or equivalent -- preferably with a technology company or financial institution 
  • 1-3 years previous experience working with SaaS solutions 
  • Knowledge of risk frameworks (NIST, ISO, COSO, etc.) 
  • Appreciation of basic security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc. 
  • Ability to work well in a dynamic, fast-changing environment that requires a high degree of multitasking  
  • Be familiar with inherent risks, controls, and residual risks as applicable for companies in the technology industry  
  • Excellent problem solver, who can facilitate issue resolution effectively and creatively while maintaining a high level of integrity, confidentiality, and professionalism. 
  • Action-oriented team player with strong prioritization, operational, and planning skills  
  • Ability to listen intently, read policies and technical descriptions, and analyze information 
  • Conscientious self-starter, with a work attitude that exhibits flexibility, initiative, good judgment, and dependability. 
  • Consensus-building abilities with a proven record of accomplishment coordinating and mobilizing resources productively. 
  • Outstanding presence and solid communication skills, both written and verbal, with the ability to communicate effectively at all levels of the organization.
  • Proven success navigating large, matrixed organizations. 
  • Ability to manage multiple projects and competing priorities 
  • Collaborative associate who excels at building relationships across all levels. 
  • Enterprise-level B2B experience working on a cross-functional team. 
  • Bachelor’s degree or equivalent. 

Preferred Experience: 

  • Industry coursework toward certifications such as CISA, CRISC, CISSP, ITIL or equivalent 
  • Ability to balance strategic thinking with attention to detail and pragmatic execution. 
  • Enterprise-level B2B experience working on a cross-functional team. 
  • Strong communication skills (verbal and written) 
  • Knowledge of human capital management systems and/or HR/Payroll/Tax related product offerings.  
  • Confident in managing relationships across sales, business, and technical teams, both face-to-face and remotely. 
  • Experience working at a technology company or consulting firm. 

Additional Information

Our benefits include: Medical, life and dental insurance, Asociación Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.

Experian Careers - Creating a better tomorrow together

Tags: Application security Audits CISA CISSP Compliance CRISC Governance ITIL NIST Pentesting Privacy Risk assessment SaaS Security assessment SOC SOC 2 Vendor management

Perks/benefits: Career development Medical leave Salary bonus Startup environment

Regions: Remote/Anywhere North America
Country: Costa Rica
Category: Compliance Jobs
