Lead Security Consultant

Gabi

IT
Heredia Province, Heredia, Costa Rica
Posted 6+ months ago

Company Description

Experian is a global company in data services, helping organizations and consumers manage risk and make informed decisions. We empower individuals and businesses at important life moments, from purchasing a home to expanding customer bases. With over 125 years of experience, we specialize in data gathering, analysis, and fraud prevention. Our 21,700 employees across 30 countries are dedicated to innovation and creating opportunities for a better tomorrow. Recently ranked the fifth-best company to work for in Costa Rica, we prioritize inclusive culture, employee well-being, and career development.

Job Description

Experian is in search of a Lead Security Partner, reporting to the Director-Security Partner, who will play a pivotal role in the organization's information security landscape. As a lead, you will be a trusted advisor to the functional leaders within the assigned business unit (BU). Your mission: to bridge the gap between priorities and security risks, ensuring that the BU operates securely and efficiently.

In this influential position, you will engage with the BU's senior leadership team, gaining insights into their strategic goals and challenges. Your expertise will guide discussions on security matters, emphasizing the importance of safeguarding Experian's assets. But your impact extends beyond the BU—you are the BU's advocate within Experian's Global Security Office (EGSO), ensuring that security decisions align with the BU's unique context and needs.

The candidate will blend deep industry and technical knowledge with. Your leadership and confidence will shine as you operate with autonomy, relying on influence rather than formal authority. You'll be a beacon of thought leadership, providing clear direction in complex situations and crafting innovative solutions to a wide range of information security challenges.

Responsibilities

  • Lead and strategize project security assessments (PSA) for new enterprise development and changes. Direct the submission, review, and decisions related to business unit-critical issues and exceptions to any security control. Ensure quality assurance efforts for routine PSAs.
  • Develop a comprehensive understanding of all BU information security risks. Predict the needs for risk assessment, review, adjustment or escalation of risk rating, and any other demands within the risk lifecycle. Guide related efforts.
  • Establish executive relationships and act as a trusted advisor to the BU's management team. Integrate into the BU project planning process to ensure that appropriate levels of security oversight exist.
  • Direct, consult, collaborate, and lead to integrate security with the BU's goals and initiatives.
  • Represent the BU by sharing its specific threats, requirements, and insights with the EGSO Leadership, other SPs, and members of the Information Technology (EITS) and security organization. Champion resource discussions based on the needs, risks, and priorities of that BU.
  • Provide strategic leadership to support BU-level decision-making, product development, system implementations, and the change management associated with the use of new security processes.
  • Maintain an ongoing partnership to build environments and deploy technologies in a secure manner and mitigate risks beforehand, positioning security as an enabler of business.
  • Analyze information security trends internal and external to the business and keep business-facing leadership informed about information security-related risks and incidents. Provide strategic direction for appropriate response (Threat Informed Defense Approach).
  • Promote corporate cybersecurity awareness activities and help implement security awareness concepts locally to suit the BU.
  • Design and review security metrics to measure security effectiveness at the BU and corporate level. Execute security partner team metrics (e.g., request volumes, SLA adherence, QA-KPIs, etc.).
  • Communicate risk to BU leadership concerning BU-specific goals, projects, and changes (people, process, technology).
  • Interpret how BU-specific risks factor into firmwide risks at the senior level, e.g., Regional Management Committees (RMC), NA Security Review, and Security and Continuity Steering Committee (SCSC).
  • Lead continuous improvements related to the monitoring and measuring of policies, processes, and controls that support compliance with industry and regionally specific mandates, laws, and regulations specific to the assigned BU.
  • Collaborate with other governance functions on educating BU leadership on prospective changes to relevant mandates, laws, and regulations. Identify any gaps that may exist and lead remediation efforts.
  • Identify any BU-specific requirements that may exist due to geography, region, data, etc., and how those differ from or overlap with firmwide or departmental mandates.
  • Oversee the completion of internal and external security assessments for the BU.
  • Identify opportunities for process improvements to evolve the team's capabilities. Lead tiger teams-department working groups that target strategic improvement initiatives.

Qualifications

  • Bachelor's Degree in a relevant major or equivalent experience in security, risk, audit, compliance, and management.
  • 10+ years of experience in an IT-security field with evidence of a technical background or security risk assessments - audit field.
  • Relationship management, team building, and facilitation.
  • Interpretation and application of security policies, standards, and procedures.
  • Ability and drive to research, provide the right guidance, and find possible solutions.
  • Skill to counter where the risk outweighs the benefits.
  • Can speak to audiences at varying corporate altitudes and business functions.
  • Skill to shape opinions based on knowledge-experience to align key initiatives with stakeholders.
  • Curiosity to ask questions and challenge the status quo.
  • Beneficial certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP).

Knowledge

  • Knowledge of major security domains including application security, vulnerability management, incident response, cloud security, etc.
  • Information technology-related frameworks, such as International Standards Organization (ISO) 27001 series, NIST series, Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technologies (COBIT).
  • Experience with privacy-related regulations, such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), and regional breach notification laws.
  • Basic knowledge of vertical-specific frameworks and regulations is beneficial, e.g., FedRAMP, FFIEC, HIPAA, and PCI.

Additional Information

This is a permanent home-based role in Costa Rica. No relocation available.

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work, Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
