We are looking for an experienced security professional with practical hands-on people management, process, policy and delivery experience whilst migrating applications to the cloud.
This is an exciting time to join Equifax as an Information Security Officer – Compliance & Regulation. We have active global programmes of work supported by significant investment in our security posture. You will join a global brand where security is a core part of its operations.
As the Information Security Officer – Compliance & Regulation, the key activities you will be responsible for include the identification, assessment and management of security risks associated with the local business operations of Equifax, and local maintenance of the ISMS (including training & awareness, auditing and continuous improvement). The scope of this role covers operational sites in Leeds, Nottingham, London, Dublin and Wexford.
You will be responsible for managing ISO27001 and PCI-DSS programmes in the UK & Ireland and supporting other EU regions as required. A critical part of this role is to provide local insight and guidance to the global teams who are responsible for providing security engineering, security operations, security compliance, investigations, physical security, and security awareness.
Since we are actively migrating our systems to cloud services, experience in this area is very desirable, as is a good working knowledge of general IT security concepts, terminology and technologies since a big part of this role is to support the provision of direct advisory services to the business.
About TDX Group - An Equifax Company
We've been a pioneer in the debt recovery industry for over a decade, helping businesses drive fair and appropriate consumer treatment by using data and intelligence.
We meet the exacting standards of our clients who are some of the biggest banking, retail and utility names as well as the UK government. The key to TDX's success has been the scope to build and deliver industry-leading performance portfolios, combining precise execution with high quality analytical insight and continuous creativity to our partners.
The perks of being a TDX employee?
- We offer excellent compensation packages with high-reaching market salaries, pension, along with the works: comprehensive healthcare packages, schedule flexibility, collaborative work spaces, and organisational growth potential
- Grow at your own pace through online courses at Learning @ TDX
What you’ll do:
- Lead risk & control assessments using existing processes. This will include external vendor and partner due diligence, assisting the privacy team with areas covering data protection, and security project advisements in relation to compliance requirements.
- Building and maintaining a quality ISMS to support ISO27001 certification
- Conducting supporting PDCA reviews to support on-going ISO27001 certification
- Managing resources to deliver successful, on-going PCI-DSS compliance
- Being a point of contact across all our businesses in the UK and Ireland and managing senior stakeholders in relation to compliance activities
- Build pragmatic and cost-effective security solutions that efficiently support customer needs.
- Provide advisory and assurance support for our products, processes and systems as they are developed
- Lead assurance activities relating to ISO27001 and assist with PCI-DSS compliance activities by assessing the effective implementation and operation of systems and controls to manage the information security risks
- Support the VP European Security in the production of relevant metrics and reports as needed and on a monthly basis
- Be one of two on-call team members for incident notification
We are looking for someone who has practical knowledge and experience of information security compliance with end-to-end delivery of ISO27001 and PCI-DSS programmes. You will also need experience of financial services regulatory requirements and data protection/GDPR.
To be considered for this role you will need to have extensive experience working with similar projects and programmes in an international environment where you can demonstrate collaborative working with multi-disciplinary teams. We are aligned to key frameworks including ISO27001, PCI-DSS and NIST and experience of implementing these and complying with them is critical.
- Extensive practical and demonstrable experience of information security management (technical and non-technical aspects), data protection and privacy
- Strong ability to plan, organise and prioritise tasks and projects effectively and manage other team members in the delivery of key tasks. Being able to demonstrate experience of managing multiple and competing priorities
- Strong experience in a matrixed environment, supporting multiple business lines and contributing to and collaborating with an international organisation
- Strong evidence of being able to balance risk and control requirements while appreciating commercial goals
- Holding one or more professional qualifications such as CISSP, CISM, CISA, CCSP, PCI-ISA
- An experienced people manager
- Able to travel between our UK&I sites on a regular basis
Extra points for any of the following:
- Experience of cloud migration
- Implementing security programmes that achieved ISO27001 and PCI-DSS compliance
- Experience of serving government clients
Success attributes of an Equifax employee; does this describe you?
- Think and act differently
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
If this sounds like somewhere you want to work, don’t delay, apply today - we’re looking for you!