Information Security Governance and Policy Lead

  • Experian Pkwy, Allen, TX 75013, USA
  • Employees can work remotely
  • Full-time
  • Department: Information Technology & Systems
  • Role Type: Home
  • Employee Status: Regular
  • Schedule: Full Time
  • Shift: Day Shift
  • Flexible Time Off: 20 Days

Company Description

Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.


Job Description

Experian is seeking an Information Security Governance and Policy Lead within the Enterprise Global Security Organization. This individual has significant global responsibility for the Cyber Governance & Risk Management lifecycle. The Information Security Governance Team is the principal advocate for information security across the Enterprise and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the organization.

The role is responsible for leading a security team in designing the strategy for managing and maintaining the Experian corporate security policy, controls, standards, and frameworks.


  • Leads, develops, operates, and manages comprehensive Information Security standards, policies, and controls to assess, prioritize and mitigate business risk. Leads the review and formal approval process for Policy updates and coordinates updates to the Information Security Standards. Ensures the Information Security Policy, Control Library and Technology Security Baseline documents meet or exceed industry standards, compliance requirements and customer/client expectations.
  • Serves as a Subject Matter Expert (SME) on the organization’s strategy for the information security critical processes and associated tools, and ensures the process aligns to regulatory, statutory and industry requirements for Experian Security policy and data classification. Recommends programmatic and technical direction with a high degree of independence in matters relating to the investigation, impact, and analysis of decisions regarding cyber security risk.
  • Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
  • Defines and maintains Experian Information Security policies.
  • Defines and maintains the Experian policy framework based upon industry standards.
  • Builds and maintains Experian policies and standards and keeps them relevant.
  • Defines and maintains the policy and technology security baseline creation and update processes, including stakeholders, syndication, and approval processes.
  • Ensures policies follow the required approval process.
  • Ensures alignment of the policies and standards to both regulations and controls.
  • Ensures policies adhere to enterprise standards and templates.
  • Ensures content aligns to key control frameworks, particularly NIST Cyber Framework, ISO 27002, PCI and FFIEC, and to the key regulations Gramm-Leach-Bliley Act (GLBA) and DPA.
  • Defines supporting implementation guidance associated with security policy.
  • Represents Information Security in other associates’ policy and standard syndication.
  • Collaborates with other subject matter experts to determine and communicate the business impact of changes to information risk management policy and standards. Ensures policy changes and new policies are appropriately communicated to the respective stakeholders.
  • Manages the annual review and refresh process for policies, standards, and control library, including stakeholder management and review coordination.
  • Manages the policy onboarding process, including stakeholder management for new and legacy policy identification and rationalization with the Information Security framework.
  • Participates in key and strategic initiatives representing the Information Security Governance team and provides subject matter expertise in the policy space.


  • Proven experience leading a security team.
  • Expert knowledge of policy creation and maintenance; ensuring adherence and compliance.
  • Preferred: 10 years’ experience in the financial services or banking industry and its regulations/laws, e.g., CFPB, NYDFS, FCA, MAS.
  • Knowledge and practical experience of risk control frameworks such as NIST and ISO, as well as regulatory and industry requirements such as GLBA, PCI, FFIEC, DPA.
  • Proven expertise of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches.
  • Proven technology experience in one or more of the following areas: Information Security, Technology Governance, Technology Audit, Information Technology Compliance, Technology Infrastructure or Application Development.
  • Bachelor’s degree is required, preferably in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security.
  • Expert knowledge of technology, infrastructure, network, applications, information security and associated risk management.
  • Possess in-depth knowledge of Information Risk Management and IT processes.
  • At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP).

Additional Information

Culture at Experian

Our uniqueness is that we truly value yours.

Experian's culture, people and environments are key differentiators. We take our people agenda very seriously. We focus on what truly matters: diversity and inclusion, work/life balance, flexible working, development, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on.

We’re an award-winning organization due to our strong people focus.

Experian isn't just growing, we're leveraging cutting edge data science, design thinking and passion to build tomorrow's credit solutions. Innovation is a critical part of Experian's DNA and culture.


Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion are essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.
