Vice President –Third Party Risk Management at TransUnion
At TransUnion, we know that finding the right people is the reason we’re a global leader in credit information and information management services. We strive to provide an environment that allows our talented people to find success and satisfaction. Now, we’re adding to the team and seeking a Global Head of Third Party Risk Management
The Team’s Focus
As the Global Head of Third Party Risk Management you will be responsible for building and operating a function that is focused on reviewing, risk assessing and auditing TransUnion’s third party service providers, partners, joint ventures and acquisitions. You will work closely with compliance, audit, business and technology leaders across the company to address the dynamic threats to TransUnion due to service providers, partners, joint ventures, acquisitions and other third parties that connect to TransUnion or have access to TransUnion’s data. You will work closely with third parties to evaluate the level of control, risk and required remediation to satisfy TransUnion’s high standards of control. This role will operate globally and engage with business leaders, technology leaders, compliance and with third party leaders across all of TransUnion’s business units and geographies and anywhere in the world that TransUnion’s third parties reside. In this critical role, you will collaborate with external customers, internal support teams and all levels leadership including the audit committee and board.
· You should understand fundamentals of Information Technology, Business Process Flow, Technology Architecture, Information Security, Compliance, Enterprise Risk Management, Risk Assessment, Risk Treatment options.
· You should understand the Global regulations associated with third party risk and security in all TU geographies.
· You will develop global processes to evaluate third party risk (including cyber, reputation, and execution, financial and other operational risks).
· You will create and manage a global team of individuals that are qualified to evaluate cyber, reputation, and execution, financial and other operational risks.
· You will recommend and implement changes that enhance Third Party Risk Management and reduce risk for TransUnion.
· You will design, integrate, and implement a global Third Party Risk Management Function for TransUnion.
· Provide guidance and direction on technology solutions that enable the function, increases efficiency and provides an element of automation, tracking and full life cycle assessment, information gathering, remediation and reporting.
· You will work with global TU leaders up to and including business unit Presidents, country level CEOs, CFOs, CIOs and other technology and business leaders.
· You will chair and lead the monthly Third Party Risk Management steering committee attended by the President of USIS, TU’s General Counsel, CIO, CISO, CFO and other senior business and technology leaders.
· You will meet with third party leadership up to and including the founders, CEOs, CFOs, CIOs and CISOs of TU’s third party organizations.
Who you’ll work with
In this critical role, you will work with TransUnion technology and business teams including Audit and Compliance and leadership up to and including senior business and technology leaders (CIO, CISO, CFO, General Counsel, country level CEOs and leaders). You will also work with vendors, business partners, customers, third parties and related agencies and industry peers. Your role is to build, manage and coach a team of analysts, risk assessors and auditors and work closely with TransUnion’s control functions including Compliance, Legal, Information Security and Audit.
How you’ll contribute
· Develop the TransUnion Third Party Risk Management strategy and the necessary program.
· Execute the function of Third Party Risk Management and translate the risk into understandable and actionable communication for TransUnion’s technology and business leadership teams.
· Create and contribute to policies and procedures required to support the program.
· Enhance and manage Third Party Risk Management for TransUnion.
· Manage experienced professionals who exercise professional judgment and independence in their assignments.
· Manage policy, processes and procedures at the program level for the company. This includes cross-functional processing involving different diligence work streams.
· Oversee management of third party risk onboarding ensuring appropriate and prudent assessments are completed. Ensures that the Company’s Legal Department, and any other relevant SME’s are consulted on all contractual matters relating to the Company.
· Assist business leaders with RFP development, due diligence documentation, and evaluation of third party relationships.
· Liaise with business leadership to ensure visibility to and understanding of third party relationship processes. Develops strong relationships with key department heads to ensure risk management oversight is understood and managed appropriately.
· Liaise with internal and external parties, including auditors and regulators, as it relates to the Third Party Risk Management Oversight Program.
· Communicate with TransUnion senior leaders up to and including the audit committee and board of directors.
· Monitor process compliance and provides management information to appropriate stakeholders.
· Create, monitor, analyze and report metrics KPIs and KRIs to various levels of executive and management.
· Identify opportunities to enhance, develop, and improve the Third Party Risk Management program for the company.
· Provide training of Third Party Risk program as needed.
What You’ll Bring
As the senior leader of the Third-Party Risk Management function at TransUnion, reporting directly to the Global Chief Information Security Officer, you will bring thought leadership, global industry knowledge and a network of contacts.
· Background in in consulting, regulatory agencies and/or financial services organizations
· Experience managing third party security, knowledge of relevant government and industry standards and regulations
· Experience and credibility communicating about risk in business terms with senior business leaders both internally and externally
· Ability to discuss and understand both complex business processes as well as technical architecture design and implementation and the ability to adjust your communication (verbal and written) as needed for the topic and the audience
· 10+ years of experience in similar roles demonstrating consistent job progression and growth with a background and experience in (or working in) consulting, government agencies, financial services and large international organizations across multiple business lines and geographies