Information Security Specialist Lead

About the role

We are looking for an Information Security Specialist Lead to drive the design, documentation and maintenance of Experian’s enterprise‑wide security risk and controls framework. Reporting to the Information Security Director, you will work across regional business units and central IT teams to ensure that security controls are aligned with risk registers and industry standards.

Key responsibilities

• Lead the development and upkeep of the integrated risk and controls framework, populating the controls library with input from regional and central owners.
• Review and validate control activities against established standards, identifying gaps and recommending remediation.
• Produce management reports, risk summaries and presentations that communicate the state of the controls program.
• Design and deliver workshops on controls implementation for owners across the enterprise.
• Map security controls to risk types and entries in the Archer GRC platform.
• Monitor internal and external risk indicators and feed them into assurance activities.
• Standardise processes and capture stakeholder feedback to continuously improve the risk and controls program.

Required profile

• Minimum 5 years of experience in IT audit, information‑security control assessments or related fields.
• Proven ability to work with governance, risk and compliance (GRC) tools, preferably Archer.
• Strong understanding of security frameworks such as ISO 27001/27002, NIST CSF, PCI DSS and HIPAA.
• Familiarity with risk‑analysis methodologies like Open FAIR, NIST 800‑37 and NIST 800‑39.
• Experience with cloud security, especially in an AWS environment.

Required skills

• Archer GRC platform
• AWS cloud security
• ISO 27001 / ISO 27002
• NIST Cybersecurity Framework
• PCI DSS
• HIPAA compliance
• Open FAIR risk modeling
• NIST 800‑37, NIST 800‑39