Information Security Governance & Policy Lead

Legal & Compliance
Requisition #197988
Experian is seeking an Information Security Governance & Policy Expert within the Enterprise Global Security Organization. This individual has significant responsibility for the Cyber Governance & Risk Management lifecycle. The role is responsible for designing, managing, maintaining and reporting compliance of the Experian corporate security policy. The responsibilities include security policy, governance, risk management, and compliance.

Specific responsibilities include, but are not limited to:

Job Accountabilities:

• Develops, operates and manages comprehensive Information Security standards, policies and controls to assess, prioritize and mitigate business risk. Leads the review and formal approval process for Policy updates and coordinates updates to the Information Security Standards. Ensures the Information Security Policy, Control Library and Technology Security Baseline documents meet or exceed industry standards, compliance requirements and customer/client expectations

• Serves as a Subject Matter Expert (SME) on the organization’s strategy for the information security critical processes and associated tools; ensures the process aligns to regulatory, statutory and industry requirements and to Experian policy and data classification. Recommends programmatic and technical direction with a high degree of independence in matters relating to the investigation, impact and analysis of decisions regarding cyber security risk.

• Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable

Major Responsibilities

• Defines and maintains Experian Information Security policies.
• Defines and maintains the Experian policy framework based upon industry standards.
• Defines and maintains the policy and technology security baseline creation and update processes including stakeholders and syndication and approval processes.
• Builds and maintains Experian policies and standards and keeps them relevant.
• Supports the alignment of the policies and standards to both regulations and controls.
• Defines supporting implementation guidance associated with security policy.
• Ensures policies adhere to enterprise standards and templates.
• Ensures (new) policies follow the required approval process.
• Represents Information Security in other associates’ policy and standard syndication.
• Collaborates with other subject matter experts to determine and communicate the business impact of changes to information risk management policy and standards. Ensures policy changes and new policies are appropriately communicated to the respective stakeholders.
• Manages the annual review and refresh process for policies, standards, and the risk, threat, and control library, including stakeholder management and review coordination.
• Manages the policy on-boarding process, including stakeholder management for new and legacy policy identification and rationalization with the Information Security framework.
• Manages the policy awareness program and conducts training on policies and standards as needed.
• Maintains policy program service documents and procedures, including KPI reporting for the policy program.
• Manages qualitative risk appetite statements for Information Security.
• Performs review and challenge on first line business units’ programs to support compliance with policies, standards, laws and regulations.
• Participates in key and strategic initiatives representing the Information Security Governance team and provides subject matter expertise in the policy space.

Required Educational Requirements / Certifications:

• Proven technology experience in one or more of the following areas: Information Security, Technology Governance, Technology Audit, Information Technology Compliance, Technology Infrastructure or Application Development
• Bachelor’s degree is required preferably in Computer Science, System/Computer Engineering, Cyber-Security or Information Security.
• At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP).

What We Look For:

• 10+ years of cyber and information security experience
• Expert knowledge of policy creation and maintenance; ensuring adherence and compliance.
• Knowledge of the financial services industry and its regulations/laws.
• Knowledge of current industry trends in information risk management.
• Proven expertise of control and risk management concepts and knowledge of the operational aspects of the information risk business.
• Proven expertise of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
• Proven expertise of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches.
• Possess in-depth knowledge of Information Risk Management and IT processes
• Able to be a subject matter expert on information risk management policies and standards.

Nice to Haves:
• MBA, PMP, Master of Cyber Security / IT Management
• Financial services industry experience is a plus

Experian is an Equal Opportunity Employer. Anyone needing accommodation to complete the interview process should notify the talent acquisition partner. The word "Experian" is a registered trademark in the EU and other countries and is owned by Experian Ltd. and/or its associated companies.

EOE including Disability/Veterans


Costa Mesa, California, United States
