IT Technical Risk Assessor at TransUnion
“The limit of our growth is going to be our imagination and product ideas – not technology.” – Mohit Kapoor, CTO
Global Third Party Risk Management (TPRM) – Information Security Risk Assessor
What we’ll bring:
• A welcoming and energetic environment that encourages collaboration and innovation. We consistently explore new technologies and tools to be agile.
• Flexible time off, workplace flexibility, an environment that welcomes continued professional growth through support of tuition reimbursement, conferences and seminars.
• Our culture encourages our people to hone current skills and build new capabilities, while discovering their genius.
How you’ll contribute
• Lead high visibility, information security risk assessments of third parties that are critical to TransUnion globally.
• Develop a broad understanding of information security organizations and control frameworks like NIST 800-53, SSAE16/SSAE18, PCI-DSS, and ISO 27001/27002.
• Use critical thinking skills to identify, research and evaluate risk at third parties that use a range of diverse technologies, including cloud and big data analytics tools.
• Collaborate globally with senior leaders at TransUnion and business partners to discuss third party risk and promote a risk-aware culture.
• Leverage intelligence feeds and open source intelligence (OSINT) to monitor the security of third parties between risk assessments.
• Bring new ideas and lead projects that improve the risk assessment process.
What you’ll bring:
• 2 – 5 years of experience in information security risk assessments or audits, involving one of more areas of identity and access management, application security, infrastructure security, system and data security, physical and environmental security, business continuity/disaster recover, and regulatory/standards compliance.
• Bachelor’s degree in management systems, computer science or related field.
• Skills in cloud security a plus (Amazon AWS, Microsoft Azure or Google Cloud).
• Information security certification a plus (CISSP, CISA, CISA, Security+, CCSK, CCSP or similar).
• Ability to travel up to 20% of time.