Company Description

Who are Experian?

We are the world’s leading global information services company. During life’s big moments – from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers – we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organisations to prevent identity fraud and crime.

We have 20,000 people operating across 44 countries and every day we’re investing in new technologies, talented people, and innovation to help all our clients maximise every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

Our approach to flexible working

We care about work that works, whether that’s about where you work or adjusting your hours to fit better with your life. Our flexible working practices, including our hybrid working model where you can split your working time between the office and your home, support our belief that this balance brings long-lasting benefits for our business as well as ensuring that our people can balance successful careers with their commitments and interests outside of work. So that you can love where you work, please discuss what works for you with your recruiter during the hiring process.

Accepting you, for you.

We want you to feel accepted for who you are and to feel safe, valued and to help us build a culture of true belonging. Experian is proud to be an equal opportunity employer and we take affirmative action to create a more inclusive and equitable world of work. We are committed to equal employment opportunities regardless of age, disability, gender identity, marital status, race, ethnicity, faith or belief, sexual orientation, socioeconomic background, Veteran status or whether you’re pregnant or on family leave.

Job Description

The Information Security Manager is responsible for supporting the business in driving information security and risk management activities to deliver security and resiliency of the cloud platform within our Platform Security team. The Platform Security team ensures the security risks to the platform and its information are appropriately managed through collaboration with groups across the business. A key goal for this function is to increase the security maturity of the cloud platform through establishing a robust framework and gaining and maintaining ISO27001 and SOC II security accreditation.

Primary Accountabilities:

• Work closely with Platform Operations, Development, Delivery, Support, and corporate security to ensure appropriate controls are designed and operate effectively.
• Ensure risk assessments are undertaken and support teams in identifying and reporting risks. Maintain the risk register ensuring risks are actively managed and treated.
• Ensure appropriate documentation is in place supporting the creation of policies, procedures, and standards as appropriate to the ISMS and aligned to corporate security policies
• Generate and maintain management reporting against Key Risk Indicators and establish treatment plans to address areas outside of risk appetite
• Support the establishing of the ISMS and strategy for achieving ISO27001 within agreed timescales
• Perform periodic control reviews to identify areas of control failure and/or ISMS non-compliance
• Manage and maintain the internal and external audit schedule ensuring relevant teams are well prepared and supporting audit activities

Qualifications

Significant Demands:

• Track record of successfully establishing and maintaining a security framework against ISO27001
• Strong ability to clearly articulate risks and controls, and build strong relationships with peers to achieve security objectives
• Knowledge of cloud technologies, services, and agile security practices such as DevSecOps, Kubernetes, Amazon AWS, etc. with hands-on experience using security monitoring tools (Panaseer, Wiz.io, Amazon Security Hub etc.)
• Experience undergoing security audits and managing responses to security questions from internal and external stakeholders
• Excellent communication skills, including the ability to create clear documentation and presentations to convey complex issues at varying levels across technical and non-technical teams
• Relevant qualifications such as CISSP, CISM, ISO270001 Lead Implementor/Auditor