Global Third Party Risk Management (TPRM) – Information Security Risk Assessor
What We'll Bring
At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation we’re consistently exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius.
Come be a part of our team – you’ll work with great people, pioneering products and cutting-edge technology.
What You'll Bring
Experienced information security professional, with exposure to risk assessments and auditing, involving one of more areas of identity and access management, application security, infrastructure security, system and data security, physical and environmental security, business continuity/disaster recover, and regulatory/standards compliance.
Excitement and passion to identify risk beyond the scope of a traditional audit.
Bachelor’s degree in management systems, computer science or related field.
Skills in cloud security (Amazon AWS, Microsoft Azure or Google Cloud).
Experience with control frameworks such as: NIST 800-53, SSAE16/SSAE18, PCI-DSS, and ISO 27001/27002.
Familiarity with open source intelligence or third party monitoring tools.
Experience collaborating with business leaders and third parties to articulate information security risks and influence risk behavior.
We'd Love to See:
Information security certification a plus (CISSP, CISA, CISA, Security+, CCSK, CCSP or similar).
Impact You'll Make
Lead high visibility, information security risk assessments of third parties that are critical to TransUnion globally.
In depth understanding of information security organizations and control frameworks like NIST 800-53, SSAE16/SSAE18, PCI-DSS, and ISO 27001/27002.
Use critical thinking skills to identify, research and evaluate risk at third parties that use a range of diverse technologies, including cloud and big data analytics tools.
Collaborate globally with senior leaders at TransUnion and business partners to discuss third party risk and promote a risk-aware culture.
Leverage intelligence feeds and open source intelligence (OSINT) to monitor the security of third parties between risk assessments.
Work with team members to perform deep, detailed risk analysis, with a mix of onsite visits, personnel interviews, evidence review and open source intelligence (OSINT) tools.
Bring new ideas and lead projects that improve the risk assessment process.