Business Information Security Officer – Centers of Excellence (J00122776)
Equifax is looking for a Business information Security Officer (BISO) who can handle the needs of Legal, Operations, EWS COEs, while also screening off lower level client needs like contract review, Loopio support for questionnaires, footwork for onsites, security package submission, and development of client facing security collateral.
Who is Equifax?
At Equifax, we believe knowledge drives progress. As a global data, analytics and technology company, we play an essential role in the global economy by helping employers, employees, financial institutions and government agencies make critical decisions with greater confidence.
We work to help create seamless and positive experiences during life’s pivotal moments: applying for jobs or a mortgage, financing an education or buying a car. Our impact is real and to accomplish our goals we focus on nurturing our people for career advancement and their learning and development, supporting our next generation of leaders, maintaining an inclusive and diverse work environment, and regularly engaging and recognizing our employees. Regardless of location or role, the individual and collective work of our employees makes a difference and we are looking for talented team players to join us as we help people live their financial best.
The Perks of being an Equifax Employee?
- We offer excellent compensation packages with market competitive pay, comprehensive healthcare packages, 401k matching, schedule flexibility, work from home opportunities, paid time off, and organizational growth potential.
- Grow at your own pace through online courses at Learning @ Equifax.
What you’ll Do
- Increase operating leverage in the delivery of customer questionnaires, root cause analysis documents, incident investigations, third party assessments, customer-requested penetration tests, and related areas.
- Oversee and drive investigation of sensitive security matters regarding data access, employee matters, and other internal affairs. Prepare reports for senior leaders; diagnose and drive implementation of corrective actions by internal stakeholders.
- Evaluate Legal, Finance, Human Resources, and Operations business processes for opportunities to strengthen security, and streamline security efficiency; partner to implement.
- Serve as a subject-matter expert and adviser to the Workforce Solutions Legal Team on the implications of information security duties presented in potential business contracts.
- Track and drive important initiatives by yourself and through effective use of project management resources. Effectively communicate progress to various stakeholders. Demonstrate accountability.
- Develop and apply influence to achieve desired outcomes.
Serve as a subject-matter expert on a broad variety of security topics, including technology aspects, risk, governance, and compliance aspects. Be a capable first-stop in all of these areas, with second-level support from the SME colleagues on your broader team.
- Understand and champion Equifax security policies to your internal customers. Help them to adhere to policies and risk governance processes. Serve as a security awareness resource for all of Equifax Workforce Solutions. Demonstrate a service oriented and desire-to-help ethic. Learn how your customers work and meet them on their terms whenever possible.
- Engage effectively with external clients as needed, preparing and overseeing preparation of compelling written and visual materials, and presenting these materials to clients as part of new-business solicitation, annual security reviews, and on other related occasions.
- Function as an outstanding written and visual communicator; a proven executor who can track and drive open items to closure; a trusted advisor who can build and deploy influence in the organization toward solving security problems; and an accountable partner who takes ownership.
Required Competencies / Skills:
- Bachelors in MIS, Business Administration, or similar with previous experience at or above the Senior Manager / Director level (or comparable)
- 10+ yrs in information security risk and controls.
- 7+ yrs of experience in third-party oversight, risk governance, writing and advising on policy and procedures, management of security exceptions.
- 5+ yrs of experience analyzing specific business and technology situations, understand inherent risk in terms of confidentiality, integrity, and availability; recommend suitable controls and remediation plans; validate implementation and control effectiveness; compute residual risk.
- 5+ yrs of experience performing or participating in IT Security audits, working with auditors, and/or being an auditor. Experience creating and driving Management Action Plans.
- 5+ yrs of experience developing, reviewing, and improving business processes from an information security perspective.
Extra Points for any of the following
- Previous experience as a BISO
- Experience with Google Cloud (GCP)
- Exceptional technical security skills
- Previous experience working with external clients
- Experience obtaining or maintaining compliance certifications such as PCI, HIPAA, ISO, SOC1/2, etc.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
If this sounds like somewhere you want to work, don’t delay, apply today – we’re looking for you!