Consultant, IT Risk Assessment at TransUnion
A welcoming and energetic environment that encourages collaboration and innovation. We consistently explore new technologies and tools to be agile.
Flexible time off, workplace flexibility, an environment that welcomes continued professional growth through support of tuition reimbursement, conferences and seminars.
Our culture encourages our people to hone current skills and build new capabilities, while discovering their genius.
How You’ll Contribute:
- Facilitate high visibility, information security risk assessments of critical TransUnion information systems, applications, and products.
- Collect evidence and follow up on remediation and validation of information security assessment findings.
- Provide monthly reporting metrics and collect and close out findings.
- Perform root-cause analysis and present findings to a wide audience of internal and external stakeholders.
- Develop a broad understanding of information security control frameworks like NIST 800-53, SSAE16/SSAE18, PCI-DSS, and ISO 27001/27002.
- Use critical thinking skills to identify, research and evaluate risk at third parties that use a range of diverse technologies, including cloud and big data analytics tools.
- Identify, create and implement risk assessment process improvement initiatives.
As an IT Risk Assessor, you should have 1-2 years of combined experience, preferably within professional services performing information security assessments. Other criteria include:
- Bachelor’s degree in a relevant discipline (Computer Information Systems, Information System Technologies, Management Information Systems, or similar).
- Familiarity with and strong interest in current information security technologies.
- Working knowledge of regulations and control frameworks such as NIST 800-53 & CSF, HIPAA, PCI, COBIT, ISO 27001, FISMA / HITRUST / FedRAMP / SOC2.
- Proficiency in Microsoft Office (especially PowerPoint and Excel) coupled with strong communication and presentation skills.
- Ability to travel up to 20% of time.
- Information security certification a plus (CISSP, CISA, Security+, CCSK, CCSP or similar).