TransUnion's Job Applicant Privacy Notice
Personal Information We Collect
Your Privacy Choices
What We'll Bring:
At TransUnion we have a welcoming and energetic environment that encourages collaboration and innovation - we're constantly exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius. Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.
Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.
Risk & Compliance (R&C) plays a key role in the Company's risk management governance, policies, and processes. R&C ensures risk is proactively identified, managed, mitigated, and governed in accordance with the enterprise risk management framework and in keeping with the Company's risk appetite. R&C is a core component of the second line in the Company's implementation of the three lines model of risk management.
This role will be an individual contributor, leveraging IT/Security expertise to provide advice and consultation to technology and information security teams on risk matters and control effectiveness. The role will be performing oversight and assurance activities to validate that relevant technology and information security risks are identified and appropriately managed, bring awareness to risk and control issues, drive development of comprehensive solutions and improvements to controls to mitigate risk, provide complementary subject matter and risk management expertise throughout the risk lifecycle, and ensure risk is managed in keeping with the Company's risk appetite. This role will provide some regulatory compliance support to the Technology and Information Security business areas as deemed appropriate by the Sr. Director of Technology & Security Risk Management and Compliance.
The Advisor, Technology & Security Risk Management will have opportunities to work with senior leaders and teams across multiple areas of the Company such as technology, information security, R&C, legal, privacy, internal audit, procurement, and the business units, across multiple solutions and products around the world.
What You'll Bring:

• 4 years experience in related roles such as risk management, compliance, audit, and information security, with specific focus on technology and information security.
• Expertise in information security domains and risks in areas such as threat modeling, security architecture, identity and access management, security development lifecycle, application security, and vulnerability management.
• Excellent communications skills, with the ability to effectively interface with senior management, regulators, and external entities.
• Leadership, influencing, and relationship-building skills.
• Excellent analytical and problem-solving abilities, with a keen attention to detail and a results-oriented mindset.
• Some project management skills and are comfortable with organizing and managing multiple priorities and deadlines concurrently.
• Relevant certifications such as CISSP, CGRC, CCSP, CISA, CISM, and CRISC.
• Experience working in financial services or other regulated industry.
• Bachelor's degree in a relevant discipline.

Impact You'll Make:

• You will analyze technology and information security incidents, audit findings, and reported issues. Help determine root causes, themes and trends. Help develop comprehensive remediation approaches and plans. Monitor remediation plans to help ensure successful completion. Perform validation of completed remediation plans.
• You will analyze technology and information security systems, processes, and controls to help ensure relevant risks are identified, appropriately assessed, and documented. Review appropriateness and adequacy of controls. Identify weaknesses and opportunities for improvement. Collaborate with management and risk owners to identify and develop comprehensive solutions to address weaknesses and implement improvements.
• You will analyze technology and information security risk registers for proper assessment of identified risks, including analysis, rating, and prioritization, and proper assignment of ownership. Analyze mitigation plans for comprehensiveness, appropriateness, and timeliness to address associated risks.
• You will participate in technology and information security risk forums to help identify new and emerging risks, and provide complementary expertise to foster robust dialog and information sharing about risks and controls.
• You will review and monitor initiatives and projects to help ensure technology and security risks are identified early in the process and help drive comprehensive mitigation solutions.
• You will report on risk oversight and assurance activities to management, and escalate to management when necessary to ensure appropriate awareness and action to mitigate risk.
• You will monitor technology and information security risk management activities to help ensure governance, processes, and practices are consistent with best practices, meet requirements, are adequate to manage risk in support of the achievement of the Company's goals and objectives, and enable risk to be managed in accordance with the Company's risk appetite.
• You will review technology and information security policies, standards, processes, standards, and controls to help ensure administrative and technical controls meet requirements, adequately mitigate risk, and identify areas of weakness and opportunities for improvement.
• You will monitor technology and information security metrics for trends and themes. Help investigate when thresholds are exceeded to understand root cause. Assess adequacy to rely on the metrics to measure risk posture and management of risk in accordance with the Company's risk appetite. Identify opportunities for improvement.
• You will keep abreast of the latest developments around technology and information security risks and mitigations, regulations, standards, and best practices.

This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.
Benefits:
TransUnion provides flexible benefits including flexible time off for exempt associates, paid time off for non-exempt associates, tuition reimbursement, additional (following any short-term disability) 10 weeks of parental leave with gradual return, adoption assistance, fertility coverage, spousal and domestic partner benefits, charity gift matching, employee stock purchase plan, retirement contributions with employer match, organizational growth potential through our online learning platform with guided career tracks, and access to TransUnion's Employee Resource Groups.
We are committed to being a place where diversity is not only present, it is embraced. As an equal opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, genetic information, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.
TransUnion's Internal Job Title:
Advisor, Risk Management