Information Security Specialist Lead

Remote from
Costa Rica
Annual salary
Undisclosed
Employment type
Full Time
Job posted
Apply before
22 Jun 2026
Experience level
Senior

About Experian

Experian unlocks the power of data to create opportunities for consumers, businesses and society.

Actively Hiring
Verified job posting
This job post has been manually reviewed for authenticity and compliance.

AI Summary

Experian is seeking an Information Security Specialist Lead to join their global team. This role involves leading the identification, documentation, and formalization of security risk and controls frameworks across the enterprise. The ideal candidate will have over 5 years of experience in IT audit or information security control assessments, with knowledge of frameworks like ISO 27001, NIST, and PCI DSS. Responsibilities include managing the controls library, conducting risk assessments, and collaborating with security and IT teams. The position offers an opportunity to work with cutting-edge technologies and contribute to a sound security posture at a leading data and technology company.

Job Complexity

AI Insight: The role requires extensive experience (5+ years) in specialized areas like IT audit and security controls, along with knowledge of multiple frameworks and GRC tools. The senior leadership interactions and strategic responsibilities make it challenging, but not the hardest due to the availability of similar roles in the industry.

Salary Analysis

Median
$135,000
US Market
$110,000 – $160,000
AI Insight: The salary for this role is not specified in the listing. Based on US market data for Information Security Specialist Lead roles, the median salary is estimated at $135,000. This is a competitive range for a senior-level position requiring 5+ years of experience and specialized certifications.

Key Skills

Information Security, Risk Management, GRC Tools, ISO 27001, NIST CSF, PCI DSS, Cloud Security, Audit, CISSP, Archer

Dear Hiring Manager,

I am writing to express my strong interest in the Information Security Specialist Lead position at Experian. With over 5 years of experience in IT audit and information security control assessments, I have developed a deep expertise in risk management frameworks such as ISO 27001, NIST, and PCI DSS. My proficiency with GRC tools like Archer and my ability to lead cross-functional teams align perfectly with the responsibilities outlined in the job description.

In my previous role, I successfully led the implementation of a comprehensive controls library and facilitated workshops with senior leadership to enhance security posture. I am particularly drawn to Experian's commitment to leveraging data and technology to drive innovation and security. I am eager to bring my skills in risk assessment, control design, and stakeholder collaboration to contribute to your team's goals.

Thank you for considering my application. I look forward to the opportunity to discuss how my experience can support Experian's mission.

Sincerely,
[Your Name]

Can you describe your experience with implementing and maintaining a controls library in a large enterprise?
In my previous role, I led the development of a centralized controls library using Archer GRC. I worked with control owners across IT and security teams to document and align controls with ISO 27001 and NIST CSF. I also established a review process to ensure controls met standards and reported gaps to management.
How do you stay updated with emerging security risks and incorporate them into the risk management framework?
I regularly monitor threat intelligence feeds, attend industry conferences, and participate in professional networks. I also track internal risk indicators and external sources like CVE databases. I then update the risk register and controls framework accordingly, ensuring alignment with new threats.
Explain a time you facilitated a workshop with senior leadership on security controls. What was the outcome?
I facilitated a workshop for C-level executives to discuss control implementation priorities. I used a risk-based approach to highlight critical gaps and proposed a roadmap. The outcome was approval for a phased implementation plan and increased budget for key controls.
What is your approach to assessing the effectiveness of security controls?
I use a combination of control testing, vulnerability assessments, and audit findings. I evaluate controls against design and operating effectiveness, using frameworks like NIST 800-53. I also leverage GRC tools to track control performance and generate reports for stakeholders.
How would you handle a situation where a control owner disagrees with your assessment of a control gap?
I would first listen to their perspective and gather evidence to support my assessment. Then, I would facilitate a discussion to align on risk impact and potential remediation. If needed, I would escalate to senior management with a clear risk analysis to reach a consensus.

Company Description

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Job Description

Reporting to the Information Security Director, you will lead the identification, documentation, and formalization of security risk and controls framework across the Enterprise to meet the cybersecurity and risk requirements set by Experian.

The Information Security Specialist Lead will contribute to the team’s goals of ensuring a sound security posture by assessing the risk-based design of security controls and security capabilities.

You will contribute to the design and operation of best-practice cyber risk management practices, collaborating with partners across all Security and IT teams in the Enterprise.

Responsibilities:

  • Lead the security risk and controls strategies in engaging with Regional BU and Centralized security and IT control owners across the Enterprise to populate the controls library.
  • Maintain and update the integrated risk and controls framework based on information security policies and industry best practices and standards.
  • Review control activities populated by control owners to ensure they align with requirements outlined in control standards and goals.
  • Identify, document, and report control activity gaps and provide recommendations for remediation.
  • Compile management reports, summary analysis, and detailed presentations to describe risk and controls program.
  • Develop and present content for controls implementation workshops with control owners across the Enterprise.
  • Ensure information security controls are aligned and mapped to applicable risks (risk types and risk register entries) in Archer GRC platform.
  • Monitor and stay informed about internal and external risk indicators for impacts and potential disruptions to Experian and our mission. Provide these risk indicators as inputs to control assurance and other EGSO activities.
  • Contribute to the efficiency of the risk and controls program by ensuring that processes and methodologies are standardized, and stakeholder feedback is captured to ensure improvement and an engagement model.

Qualifications

  • 5+ years of experience performing IT Audit, Information Security control assessments.
  • Experience with GRC tools, such as Archer.
  • Knowledge of information security frameworks such as ISO 27001/2, NIST CSF, PCI DSS, and HIPAA.
  • Knowledge of information security risk management/analysis frameworks such as Open FAIR, NIST 800-37, NIST 800-39.
  • Knowledge of governance, risk, and controls principles and operational impacts of cybersecurity lapses.
  • Knowledge of IT technologies and methods to secure them with a knowledge of Cloud security. A working knowledge of AWS cloud environment is beneficial.
  • Guide the Risk and Control teams' continuing maturity using new technologies such as AI and ML.
  • Proficient in security control design, implementation, and evaluation.
  • Proficient in performing impact/risk assessment.
  • Experience facilitating small to medium size group meetings with senior leadership audiences.
  • Bachelor’s degree in computer science, management information systems or relevant field or equivalent demonstrable experience.
  • Certifications: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or comparable certifications.

Additional Information

Our uniqueness is that we celebrate yours. Experian’s people first, inclusive and purpose driven culture is multi award-winning; World’s Best Workplaces™ 2025 (Fortune Global Top 25), Great Place To Work™ in 26 countries to name a few. Check out Experian Life on social or explore our Careers Site to understand why. 

Experian is proud to be an Equal Opportunity Employer for all groups protected under applicable federal, state and local law, including protected veterans and individuals with disabilities. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. 

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more. 


This is a remote position.


This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.
