Information Security Risk and Controls Senior Manager, Ruddington
Client: Experian
Location: Ruddington, United Kingdom
Job Category: Other
EU work permit required: Yes
Job Reference: 3b5e93d99d96
Posted: 05.05.2025
Expiry Date: 19.06.2025
Job Description
The Information Security Risk and Controls Senior Manager will be part of a team that establishes Experian's information security risk and controls framework, informed by industry standards and the latest risks. You will provide subject matter expertise in cyber risk management practices and security control guidance to control owners. You will report to the Director of Information Security Risk and Controls Assurance.
Responsibilities
1. Lead the second line security risk and controls team, framing and driving the vision for a security risk management framework.
2. Collaborate with global partners, including 1LoD and 2LoD risk practitioners, to develop the enterprise security risk management program.
3. Partner with Global Risk Management (GRM), the Business, departments, and other risk partners to ensure comprehensive identification, tracking, measurement, mitigation, resolution, and reporting of risks, providing second line oversight of security risk.
4. Maintain the information security risk and controls framework, following industry standards, enterprise security policies, technological changes, and emerging risks.
5. Use business process knowledge and technical expertise to influence control design quality supporting ongoing control programs.
6. Serve as the primary security risk liaison for departments, including executive partners, communicating with business and technology leaders to ensure visibility and understanding of security risks.
7. Stay informed on security best practices, regulations, market trends including cloud and AI, and their impact on Experian's risk environment.
Qualifications
1. Proven experience in Information Security Risk Management responsibilities and control assessments.
2. Background in management roles in information security risk or cybersecurity consulting.
3. Expertise across all phases of the risk management lifecycle within a technology or security risk management program.
4. Certifications such as CISSP, CISA, CISM, CRISC, or equivalent.
5. Knowledge of risk management frameworks like Open FAIR, NIST 800-37, NIST 800-39.
6. Experience with cloud security controls across multiple CSPs.
7. Knowledge of security control frameworks such as ISO 27001, NIST, PCI, HIPAA.
8. Experience with GRC tools, e.g., Archer, preferred.
Additional Information
Benefits include:
* Flexible hybrid or in-office work environment.
* Competitive compensation and discretionary bonus.
* Core benefits: pension, healthcare, sharesave scheme, and more.
* 25 days annual leave plus 8 bank holidays and 3 volunteering days, with options to purchase additional leave.
Experian values diversity and is an Equal Opportunity employer. We foster an inclusive environment where everyone can succeed and bring their whole self to work. If accommodations are needed, please inform us early.
Join Experian - Creating a better tomorrow together.