Advisor, Technology & Security Risk Management

TransUnion's Job Applicant Privacy Notice

Personal Information We Collect

Your Privacy Choices

What We'll Bring:
At TransUnion we have a welcoming and energetic environment that encourages collaboration and innovation - we're constantly exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius. Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.

Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.

Risk & Compliance (R&C) plays a key role in the Company's risk management governance, policies, and processes. R&C ensures risk is proactively identified, managed, mitigated, and governed in accordance with the enterprise risk management framework and in keeping with the Company's risk appetite. R&C is a core component of the second line in the Company's implementation of the three lines model of risk management.

• 4+ years experience in related roles such as risk management, compliance, audit, and information security, with specific focus on technology and information security.
• Expertise in information security domains and risks in areas such as threat modeling, security architecture, identity and access management, security development lifecycle, application security, and vulnerability management.
• Excellent communications skills, with the ability to effectively interface with senior management, regulators, and external entities.
• Leadership, influencing, and relationship-building skills.
• Excellent analytical and problem-solving abilities, with a keen attention to detail and a results-oriented mindset.
• Some project management skills and are comfortable with organizing and managing multiple priorities and deadlines concurrently.
• Relevant certifications such as CISSP, CGRC, CCSP, CISA, CISM, and CRISC.
• Experience working in financial services or other regulated industry.
• Bachelor's degree in a relevant discipline.

• You will analyze technology and information security incidents, audit findings, and reported issues. Help determine root causes, themes and trends. Help develop comprehensive remediation approaches and plans. Monitor remediation plans to help ensure successful completion. Perform validation of completed remediation plans.
• You will analyze technology and information security systems, processes, and controls to help ensure relevant risks are identified, appropriately assessed, and documented. Review appropriateness and adequacy of controls. Identify weaknesses and opportunities for improvement. Collaborate with management and risk owners to identify and develop comprehensive solutions to address weaknesses and implement improvements.
• You will analyze technology and information security risk registers for proper assessment of identified risks, including analysis, rating, and prioritization, and proper assignment of ownership. Analyze mitigation plans for comprehensiveness, appropriateness, and timeliness to address associated risks.
• You will participate in technology and information security risk forums to help identify new and emerging risks, and provide complementary expertise to foster robust dialog and information sharing about risks and controls.
• You will review and monitor initiatives and projects to help ensure technology and security risks are identified early in the process and help drive comprehensive mitigation solutions.
• You will report on risk oversight and assurance activities to management, and escalate to management when necessary to ensure appropriate awareness and action to mitigate risk.
• You will monitor technology and information security risk management activities to help ensure governance, processes, and practices are consistent with best practices, meet requirements, are adequate to manage risk in support of the achievement of the Company's goals and objectives, and enable risk to be managed in accordance with the Company's risk appetite.
• You will review technology and information security policies, standards, processes, standards, and controls to help ensure administrative and technical controls meet requirements, adequately mitigate risk, and identify areas of weakness and opportunities for improvement.
• You will monitor technology and information security metrics for trends and themes. Help investigate when thresholds are exceeded to understand root cause. Assess adequacy to rely on the metrics to measure risk posture and management of risk in accordance with the Company's risk appetite. Identify opportunities for improvement.
• You will keep abreast of the latest developments around technology and information security risks and mitigations, regulations, standards, and best practices.