Synopsis of the role
Provide direction, leadership, support and training to the information security team. Act as the key local security contact for the general manager and leadership team. Proactively advise management and staff about potential security or compliance risks that may have a material impact on the business.
Implement key security programs including: fraud, incident response and investigations, security assessments, security advisements on key business initiatives, 3rd party vendor risk assessments, security policy awareness, customer compliance, security contract review, customer security credentialing and auditing, physical security, incident and emergency response, and security technology deployments.
Who is Equifax?
At Equifax, we believe knowledge drives progress. As a global data, analytics and technology company, we play an essential role in the global economy by helping employers, employees, financial institutions and government agencies make critical decisions with greater confidence.
We work to help create seamless and positive experiences during life’s pivotal moments: applying for jobs or a mortgage, financing an education or buying a car. Our impact is real and to accomplish our goals we focus on nurturing our people for career advancement and their learning and development, supporting our next generation of leaders, maintaining an inclusive and diverse work environment, and regularly engaging and recognizing our employees. Regardless of location or role, the individual and collective work of our employees makes a difference and we are looking for talented team players to join us as we help people live their financial best.
The Perks of being an Equifax Employee?
We offer excellent compensation packages with market competitive pay, comprehensive healthcare packages, schedule flexibility, work from home opportunities, paid time off, and organizational growth potential.
Grow at your own pace through online courses at Learning @ Equifax.
What You’ll Do
Serve as the senior-most security point of contact for the Canada commercial lines of business. Partnering directly with the GM and leadership team, direct all security aspects of product strategy and the value pitch to customers. Represent the business and its products to potential and existing customers.
Act as the point of contact when customer third-party assurance teams reach out to schedule a security audit. Maintain an annual audit calendar, accounting for the availability of resources and other constraints to ensure that all audits are successful.
Coordinate effectively across the other Equifax lines of business when a proposed audit concerns more than one line of business.
Develop and routinely execute a rigorous pre-audit process based on the customer’s advance document request list and / or questionnaire. Use your own expertise in security, risk, and controls to plan the lines of discussion so that requests are filled correctly, efficiently, and with minimal digression. Effectively leverage other internal SMEs to respond to deep domain questions.
Lead execution of customer audits. Use your security and technical acumen, customer service skills, and communication skills to deliver effective, efficient audits that satisfy our customers’ inquiries.
Build and manage a small team of security customer service professionals to assist you in your responsibilities of scheduling and executing customer audits and non-routine customer inquiries.
Other duties as assigned by the VP Security officer. Additional responsibilities will be in the Customer Security domain (supporting RFPs, contract negotiations, customer calls, etc.) and potentially in other security areas (e.g., supporting the Technical Security team) based on skills and growth trajectory.
At least 7 years of work experience in information security, with roles encompassing direct responsibility for audit, compliance, risk management, or related functions.
CUSTOMER Perspective: Significant experience being audited and/or auditing others in roles such as: third-party security assurance, internal IT / security audit, or being responsible for a firm’s PCI, SOC2, or other information security compliance. Significant experience as a third-party security auditor, or responding to such audits will be required.
BUSINESS Perspective: Exposure to business disciplines while serving in previous security roles, such as: strategy, pricing, competitive analysis, business economics, mergers and acquisitions, sales, marketing, communications, etc. Any experience you have had combining security with these domains (e.g. security sales, sales engineer, customer success, etc.) would be relevant and valuable.
IT Perspective: Previous experience as an IT practitioner helps you to empathize and partner with our key stakeholders in Technology. We believe that it also produces the most well-rounded and capable security professionals. Whether it is in help-desk, network, server, database, software development, or another discipline, previous work as an IT professional in your career journey is a relevant, desirable qualification.
SECURITY Perspective: As first and foremost an information security professional on an information security team, you will be expected to have a strong mid-career command of risk management. This starts by knowing the major types of threat actors and attacks, and being able to map those relevant to our specific industry. You’ll then need to know the major classes of countermeasures that a security program would use to counter each type of threat actor / attack; and even if you have not served as a technical control operator, we expect you to know the common hallmarks of how to assess a control’s effectiveness against a threat. The more detailed and technical you can get in these regards, the better.
OPERATIONAL Perspective: This role is one of the most multidisciplinary on the team. Although your primary skill set must still be security, risk, and controls, strong customer service, communication, and project management skills are almost equally important. You will need to be disciplined in designing and driving to a pre-audit plan, post-audit follow up, keeping a schedule of audits, keeping minutes and records, and coordinating across our team and the customers’ teams.
Extra Points for any of the Following
We prefer but do not require a bachelor’s degree in computer science, information security, management information systems, or a related field. We prefer but do not require an MBA degree. Candidates without relevant degrees will be expected to demonstrate similar qualifications through their previous work experience.
Academic understanding of business concepts (e.g. BBA, MBA, MIS, etc.) desired but not required.
Desired previous experience with cloud technologies and security; Google Cloud (GCP) preferred.
Success Attributes of an Equifax employee; does this describe you?
Think and act differently
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
If this sounds like somewhere you want to work, don’t delay, apply today - we’re looking for you!
Function: Security Governance and Compliance