Work type: hybrid
Location: Cyberjaya, Selangor
Type: Full-time
**Who this is for**

This senior-level Information Security Specialist role at Experian is for experienced professionals with 5+ years in security assessments or audit. The ideal candidate will have a technical background, strong leadership, problem-solving skills, and the ability to challenge the status quo. Certifications like CISA, CISM, CISSP, or PCI QSA are required.

**Key highlights**

This is a full-time, hybrid position based in Cyberjaya, Selangor. You will play a crucial role in improving the Third-Party Security Management System by conducting reviews, identifying deficiencies, and driving remediation activities for both new and existing third-party entities. Experian is recognized for its strong people-first approach, focusing on DEI, work/life balance, and development.

**You might be a good fit if you...**

- Have substantial experience with third-party security assessments or audits.
- Are process-driven with a keen eye for detail and efficiency.
- Possess relevant security certifications (CISA, CISM, CISSP, PCI QSA).
- Can effectively identify and drive remediation for security deficiencies.
## Job Description
<p>The Third-Party Security Assessor undertakes general Third-Party Security reviews. There are three major aspects to this position:</p><ul><li>Conducting reviews of NEW Third-Party entities (Supplier, Reseller, Joint Ventures): identifying areas of conformance and non-conformance to Experian requirements, and driving security contract language and inputs into the Risk Management Process.</li><li>Conducting reviews of EXISTING Third-Party entities (Supplier, Reseller, Joint Ventures): identifying areas of conformance and non-conformance to Experian requirements and inputs into the Risk Management Process.</li><li>Supporting the Global Head of Third-Party Security to continuously improve the local Third-Party Security (TPS) Management System and ensure that it meets local regulatory, policy and business requirements.</li></ul><p><strong>Primary Responsibilities</strong></p><ul><li>Update the Third-Party inventory and program within the region.</li><li>Perform security assessments for new and existing Third Parties using the Third-Party Security Framework.</li><li>Support the development and improvement of the TPS program.</li><li>Provide on-demand consultancy to other teams within Information Security, Governance and the Business to assist in improving the security posture of third-party organisations.</li><li>Partner with the regional TPS team, regional indirect sales and procurement to ensure procedures meet regional requirements / operating practices.</li><li>Identify information security deficiencies, risks and exceptions and raise them with the appropriate parties as soon as possible. Ensure 1LoD ownership and that non-compliance issues, exception justifications, mitigation controls and risks are appropriately captured.</li><li>Work with RISOs and other GSOs governance functions to assist and/or drive remediation activities that mitigate the security deficiencies identified.</li><li>Support the development of statistical reports on compliance deficiency trends and violations.</li></ul>
## Qualifications
<ul><li>5+ years of experience in the security field, especially in security assessments or audit.</li><li>A technical background with prior hands-on experience is a plus.</li><li>Ability, drive and motivation to research, provide the right guidance and find possible solutions. Ability to push back where the risk outweighs the benefits.</li><li>Curiosity to ask questions and challenge the status quo.</li><li>Strong leadership skills.</li><li>Excellent verbal and written communication skills.</li><li>Problem solving and analysis.</li><li>Process-driven, with an eye for detail, automation and efficiency to improve programs / processes.</li><li>Good collaboration, relationship and interpersonal skills.</li><li>CISA, CISM, CISSP, PCI QSA or comparable certifications required.</li></ul>
## Additional Information
<p>Our uniqueness is that we truly celebrate yours. Experian's culture and people are key differentiators. We take our people agenda very seriously and focus on what truly matters: DEI, work/life balance, development, authenticity, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experian's strong people-first approach is award-winning: Great Place To Work™ in 24 countries, FORTUNE Best Companies to work and Glassdoor Best Places to Work (globally 4.4 Stars), to name a few. Check out Experian Life on social or our Careers Site to understand why.</p><p> </p><p>