Senior Director, Technology & Security Risk Management & Compliance

TransUnion's Job Applicant Privacy Notice

Personal Information We Collect

Your Privacy Choices

What We'll Bring:
At TransUnion we have a welcoming and energetic environment that encourages collaboration and innovation - we're constantly exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius. Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.

Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.

Risk & Compliance (R&C) plays a key role in the Company's risk management governance, policies, and processes. R&C ensures risk is proactively identified, managed, mitigated, and governed in accordance with the enterprise risk management framework and in keeping with the Company's risk appetite. R&C is a core component of the second line in the Company's implementation of the three lines model of risk management.

• 8+ years' experience in related roles such as risk management, compliance, audit, and information security, with specific focus on technology and information security.
• Expertise in information security domains and risks in areas such as threat modeling, security architecture, identity and access management, secure system development lifecycle, application security, and vulnerability management.
• Excellent communications skills, with the ability to effectively interface with senior management, regulators, and external entities.
• People management skills, strong leadership, influencing, and relationship-building skills.
• Excellent analytical and problem-solving abilities, with a keen attention to detail and a results-oriented mindset.
• Strong project management skills and are comfortable with organizing and managing multiple priorities and deadlines concurrently.
• Relevant certifications such as CISSP, CGRC, CCSP, CISA, CISM, CCEP & CRISC.
• Experience working in financial services or other regulated industry.
• Bachelor's degree in a relevant discipline.

• This role will have opportunities to work with senior leaders and teams across multiple areas of the Company such as technology, information security, R&C, legal, privacy, internal audit, procurement, and the business units, across multiple solutions and products around the world.
• You will establish the strategic and tactical focus for the second line IT assurance team, ensuring alignment with the overall enterprise risk management framework and compliance priorities.
• You will take a lead role in the oversight of technology and information security risk management activities to ensure policies, processes, and practices meet requirements and are consistent with industry standards and best practices. You will maintain appropriate reporting and ensure escalation of any gaps or opportunities for improvement.
• You and your team will analyze technology and information security controls and processes to ensure identified risks are effectively mitigated. You will provide assurance and identify gaps or opportunities for improvement. Controls and processes include but are not limited to: incident response, asset inventory, vulnerability management, patch management, application security, logging and monitoring, findings governance and remediation, identity and access management, configuration management, and change management.
• You will oversee risk assessments performing critical analysis as necessary and monitor data used to identify heightened risk and help develop risk remediation recommendations.