Third Party Risk Management Assessor
What We'll Bring
At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation; we're consistently exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius.
Come be a part of our team – you’ll work with great people, pioneering products and cutting-edge technology.
Impact You'll Make
The Risk Assessor is a member of the global Third Party Risk Management (TPRM) team. The person will work both independently and with the global TPRM team, as well as with internal and external stakeholders, to determine the business risk of control gaps identified during control and risk assessments. The person will collaborate across business lines, leading risk assessments, and work with other teams within the Information Security Division.
Essential Duties and Responsibilities
As a Third Party Risk Management Risk Assessor, your deliverables will include, but are not limited to, the following:
Assist with development and implementation of the information security risk assessment strategy, methodology, and process
Assist with planning and execution of the annual security control risk assessment schedule
Identify, evaluate and assist with security control recommendations to mitigate information security risks
Evaluate and advise on implementation and effectiveness of security controls for compliance with applicable information security laws, regulations, and policies
Ensure that risk treatment plans are in place and tracked for findings identified during risk assessments, audits, and regulatory examinations
Document information security risk and compliance findings, recommendations and risk treatment plans in written reports for senior level management
Independently facilitate meetings and discussions with senior level management and staff to understand and document processes and systems
Provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy
Support the third-party security vendor risk management program and lifecycle
Qualifications Required
Knowledge / Skills
Be a self-starter and an output-driven team player with experience in fast-paced environments.
Track and manage numerous parallel activities.
Work efficiently and independently with minimal supervision (i.e., self-motivated and willing to stretch to meet important deadlines).
Thrive in a fast-paced and dynamic environment.
Build and maintain constructive working relationships across the enterprise at all levels.
Effectively communicate in both written and verbal manner to influence both technical and non-technical audiences.
Earn the trust and respect of colleagues both in and outside of the Information Security team.
Working knowledge of the financial industry a plus.
Strong analytical skills.
Strong project management skills.
Excellent written and oral communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment.
Exceptional Microsoft Office skills, especially Excel and PowerPoint; Power BI a plus.
Ability to converse and work fluently in Spanish.
Experience
Minimum of 3-5 years of information security experience in any combination of audit, risk management, information security and/or information technology domains.
Experience across various security, compliance, regulatory and common control frameworks (NIST CSF/SPs, ISO, FFIEC, SWIFT, PCI, GDPR, SOX, etc.) and risk frameworks/methodologies (NIST RMF, FFIEC CAT, OCTAVE, FAIR, COSO, etc.) as they relate to the banking, technology, and software industry
Experience with tools and technologies used to manage information security program governance, such as eGRC tooling/software
Experience with specific security tools/processes, including security monitoring, vulnerability assessment, intrusion detection/prevention, proxy servers, data loss prevention, anti-malware/anti-virus, etc., is strongly preferred
Proficiency in information security domains, including risk and control assessments, policies and standards, secure systems development lifecycle, regulatory compliance, access controls, technology resiliency, governance and metrics, incident management, vulnerability management, and data protection
Education / Certifications
Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Information Systems, or a related field or discipline is preferred but not required.
Industry certifications in the areas of Information Security a plus.
The above statements describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential job functions. If you need assistance or an accommodation due to disability please contact your recruitment partner.