What We'll Bring:Overview of Role / Dynamics of the Position:
TransUnion works with businesses and consumers to gather, analyze, and deliver critical information needed to build strong economies around the world. Protection of that information is critical to our customers and business. As part of our 2020 transformation journey, we became Global Audit & Advisory (GAA), formerly Internal Audit. As a Specialist III you will be part of the GAA team and be responsible for conducting Cybersecurity and IT audit engagements throughout the organization that support business objectives, best practices, and regulatory requirements. The incumbent will be responsible for the planning, execution, reporting, and follow-up on all audit engagements by participating on an audit team or at times independently leading engagements under the direction of GAA Management. This position will report directly to the GAA Manager located in Columbia and will work closely with other GAA Team Associates on key projects. Position may requires travel up to approximately 10%, however, the amount may change based on business needs.
What You'll Bring:
The Team’s Mission & Focus
The Global Audit & Advisory team is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of TU. GAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's risk management, control and governance processes. GAA collaborates with the Business Units, Functional leadership and their Associates in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness.
How You Will Contribute:
Perform detailed examinations of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework. The essential duties are as follows:
- Independently perform Information technology (IT) security reviews. Initiate, scope, plan, research and conduct IT controls assessments and audits.
- Coordinate with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of Information Technology General Controls (ITGC) over applications, operating systems, and databases as well as the network infrastructure.
- Evaluate design and operating effectiveness of IT Application Controls (ITAC) and ISO 27001, 27701 and 22301 related controls
- Document the results of audit procedures performed that support the conclusions reached.
- Prepare audit reports based on the adequacy and effectiveness of controls evaluated.
- Analyze information security areas including governance and risk management, access and password controls, cloud and cybersecurity, physical security, system security architecture and design, disaster recovery, network security, application & operations security, incident management, documentation, including data migrations and system implementations.
- Lead engagement and communicate issues to process owners, ensuring understanding of risks and actions needed to remediate risks and subsequently track remediation activities.
- Cross train members of the Global Audit Team, including new hires and mentor junior IT staff.
- Research security trends, threats, and prevention technologies.
- Participate in departmental initiatives, administrative matters, and special projects.
What You Will Bring:
- 4 – 6 years of experience in an IT Audit, Assessment, or Information Security role.
- Bachelor’s degree in computer science, management information systems or related field.
- Industry certification such as CISSP, CISA or CIA required.
- ISO 27001, 27701 and ISO 22301 certifications required
- Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application & operations security and compliance/incident management.
- Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks.
- Strong technical and/or IT audit background with practical knowledge of a wide variety of technologies including server infrastructure & operating systems, network & web infrastructures, database architecture, vulnerability assessment and intrusion detection/prevention systems.
- Self-starter with the ability to manage and prioritize responsibilities.
- Team player with proven skills in influencing people without having direct management authority.
- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.
- Strong risk analysis and problem solving skills.
- Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously.
Impact You'll Make:
Remote Interview & Hiring Process
Protecting the health and wellness of our associates and candidates considering a career at TransUnion is our highest priority. Our recruitment and on-boarding experience for this role is fully virtual for the time being. Candidates interviewing will get to know our team over the phone and video, and this role will operate virtually upon hire until we return to the office. Even though we're not physically together right now, our goal is to provide you a supportive candidate and on-boarding experience that will immerse you in our culture and set you up for success at TransUnion.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.
TransUnion Job TitleSpecialist II, Audit and Advisory