Information Security Consultant

Role Description

Operational

– Perform deep dive security assessments for existing applications, technology or processes.
– Provide consultancy for security assessments for new projects – this includes but not limited to new application development projects, data centre build, network enhancements, or any other new technology or infrastructure build/enhancements
– Perform pre and post-acquisition assessments, develop formal reports and present risks to key stakeholders, business partners and RISOs

Relationship Building

– Partner with businesses and technology to research and provide security guidance for strategic projects involving new technologies or concepts (e.g. moving a core application to cloud, or developing mobile application, new authentication technology, encryption techniques or technologies, etc.).
– The position requires on-going partnership (vs. one time guidance) to build environments and deploy technologies in a secure manner and mitigating risks beforehand – truly positioning security as an enabler of business

Customer

– Champion a culture that achieves the business goals, delights customers and keeps consumer advocacy at the heart of everything that Experian does.
– Ensure that good client / consumer outcomes are at the centre of decision making.
– Promote great service and seek to exceed client / consumer expectations.

Regulatory, Governance and Control

– Adhere to all regulatory requirements within area of responsibility and escalate issues quickly.
– Pro-actively identify risks and take steps to mitigate these.
– Ensure team members understand the importance of adhering to their regulatory obligations and responsibility for implementation of company policies and procedures. d. Ensure team members understand the operating model and the functional and individual responsibilities
– Provide support to regional process owners with RFI’s, RFP’s, BID’s and Contracts by interpreting and responding to client security questionnaires.
– Support audits in pre and post on-site audit activities e.g. rescheduling Subject Matter
– Experts (SME’s), gathering evidence, etc. and co-ordinate work with internal sales teams, client service management and other Business Units.
– Maintain client security documentation by making regular scheduled reviews and updates

Position Requirements

8+ years of experience in security field specially around security assessments or audit field

Must have a strong technical background with prior hands-on experience a plus

Must have demonstrable experience and strong understanding of technologies in one or more of the following areas: advanced authentication technologies, Cloud security, mobile app

Development and security, SAML, switching and routing, network and end point security

Technologies (e.g. AV, FireEye, end point encryption, endpoint and network DLP, Cloud app

Security, end point intelligence), encryption and encryption key management, database and

Application monitoring, networking, system hardening, Active Directory, Linux, etc.)

Ability, drive and motivation to research and provide the right guidance and find possible solutions.

Ability to push back where the risk outweighs the benefits

Curiosity to ask questions and challenge status quo

Strong leadership skills.

Excellent verbal and written communication skills.

Problem Solving & Analysis.

Process driven, and has eye for detail, automation and efficiency to improve programs/processes.

Good collaboration, relationship and interpersonal skills.

Qualifications

Bachelor’s degree in computer science or relevant field or equivalent demonstrable experience

CISSP required

CISA, CISM, PCI QSA or comparable certifications preferable

Apply now

Application Form

    The fields marked with "*" are required

    Attach your CV*
    Only PDF, DOC and DOCX files allowed. Maximum file size is 8MB.

    Attach your Cover Letter
    Only PDF, DOC and DOCX files allowed. Maximum file size is 8MB.

    I agree that my personal data can be processed in relation to my application, under the provided terms (Data Privacy Notice). I prefer to be contacted by: