Overview
Experian Global Security Office are looking for an Information Security Controls Automation Specialist. You will be part of a team responsible for evaluating and testing the effectiveness of security controls both on-premises and in the cloud, to ensure they are robustly designed and effectively implemented to safeguard Experian's assets. You will automate the review of security controls by reducing manual effort and increasing assessment efficiency. You will blend cybersecurity governance, risk and compliance (GRC) and automation engineering to improve evidence collection and control validation crucial for supporting the security organization's control assurance program. You will collaborate with control owners, engineers, and the security control assurance team to identify automation opportunities, implementing scripts or integrations for both on-prem and cloud environment tools and validating outputs against the security controls and defined test steps. This is a Hybrid position with 2 days a week expected in the office in Nottingham or London reporting to the Information Security Risk and Controls Director.
Internal Grade D/EB8
Responsibilities
- Analyze and automate existing manual test steps for assessing operating effectiveness of security controls in both cloud and on-prem environments
- Develop automated control mechanisms (e.g. scripts, APIs, compliance dashboards), integrating validation logic into CI/CD pipelines, cloud environments, and endpoint tools.
- Enable continuous control monitoring (CCM) by developing reusable logic and ensuring automated controls produce evidence fit to support control assessments.
- Develop dashboards visualizing compliance status and resolve platform integration errors.
- Analyze false positives and drive remediation of those indicators.
- Maintain a control automation backlog and document all automated control logic, control mappings and system configurations.
Qualifications
- Experience in automation development, ideally specific to information security controls.
- Experience with information security control testing methodologies, information security risk assessments, auditing tools and an interest in emerging technologies.
- Security tooling (e.g. SIEM, Identity and Access Management platforms, DLP), cloud platforms (AWS, GCP, Azure), Infrastructure as Code (Terraform) and scripting languages (e.g. Python). Experience with workflow platform such as tines.io
- Knowledge of cloud architecture and cybersecurity domains and principles.
- Professional certification such as AWS Solutions Architect, CCSP, CISSP, CRISC, ISO 27001 Lead Auditor, or equivalent.
Technical skills
- Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender.
- Hands-on experience with API integrations and scripting (e.g. Python, PowerShell, JavaScript).
- Experience with IT Service Management, DevOps, Identity and access management, ERP systems (e.g., SAP, Oracle) and GRC tools.
- Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
Additional Information
Benefits package includes:
- Great compensation package and discretionary bonus plan
- Core benefits include pension, bupa healthcare, sharesave scheme and more
- 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here
#J-18808-Ljbffr