IT/Cybersecurity Senior Auditor

TransUnion's Job Applicant Privacy Notice

What We'll Bring:

TransUnion works with businesses and consumers to gather, analyze, and deliver critical information needed to build strong economies around the world. Protection of that information is critical to our customers and business. As part of our 2020 transformation journey, we became Global Audit & Advisory (GAA), formerly Internal Audit. As a Specialist III you will be part of the GAA team and be responsible for conducting Cybersecurity and IT audit engagements throughout the organization that support business objectives, best practices, and regulatory requirements. The incumbent will be responsible for the planning, execution, reporting, and follow-up on all audit engagements by participating on an audit team or at times independently leading engagements under the direction of GAA Management. This position will report directly to the Senior Lead and will work closely with other GAA Team Associates on key projects and initiatives as well as coordinate closely with our external auditors.
The Global Audit & Advisory team is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of TU. GAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's risk management, control and governance processes. GAA collaborates with the Business Units, Functional leadership and their Associates in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness.

What You'll Bring:

Perform detailed examinations of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework. The essential duties are as follows:

• Independently perform Information technology (IT) security reviews. Initiate, scope, plan, research and conduct IT controls assessments and audits.
• Lead and coordinate with process owners to initiate, scope, plan, and execute periodic controls assessments as part of the internal audit function, focusing on identifying risks by evaluating the design and operating effectiveness of internal controls. Actively support security audit initiatives by aligning audit procedures with cybersecurity frameworks (e.g., NIST, ISO 27001 etc.), conducting control walkthroughs, testing IT security and IT general and application controls, and assessing compliance with internal security policies.
• Document the results of audit procedures performed that support the conclusions reached.
• Prepare audit reports based on the adequacy and effectiveness of controls evaluated.
• Support external audits and regulatory examinations as needed.
• Analyze information security areas including (but not limited to these) governance and risk management, access and password controls, cloud security, cybersecurity, physical security, system security architecture and design, BCP and Disaster Recovery, network security, application and operations security, Incident Management, data migrations and system implementations etc.
• Lead engagement and communicate issues to process owners, ensuring understanding of risks and actions needed to remediate risks and subsequently track remediation activities. 
• Cross train members of the Global Audit Team, including new hires and mentor junior IT staff.
• Continuously monitor emerging security trends and evolving threat landscapes through ongoing research and professional development. Insights gained are integrated into the audit universe to ensure risk assessments and audit planning remain current and aligned with the organization’s security posture.
• Perform risk assessments and assist in the development of the annual audit plan.
• Participate in departmental initiatives, administrative matters, and special projects.
• Assist with other audit engagements as needed to broaden exposure across various risk areas and support the timely execution of the overall audit plan.

Impact You'll Make:

• 6 – 10 years of experience in an IT/Security Audit and Assessment, or Information Security Technical, Management and/or Governance role.
• Bachelor’s or Master’s degree in computer science/information technology, management information systems or related field.
• Industry certification such as CISSP, CISA, CISM, CEH and/or CIA required.
• Experience with Cloud Security audits (AWS, Azure, GCP).
• Knowledge of data protection laws and industry standards.
• Familiarity with GRC platforms (e.g., AuditBoard, Onspring, Archer).
• Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, physical security, security architecture and design, business continuity/disaster recovery, network security, application and operations security and compliance/incident management.
• Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks.
• Strong technical and/or IT and Security audit background with practical knowledge of a wide variety of technologies including server infrastructure and operating systems, network and web infrastructures, database architecture, vulnerability and penetration testing assessment and Intrusion Detection/Prevention Systems.
• Good understanding of SOX legislation and IT and Security frameworks including COSO and COBIT.
• Self-starter with the ability to manage and prioritize responsibilities. 
• Team player with proven skills in influencing people without having direct management authority. 
• Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
• Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.
• Strong risk analysis and problem solving skills.
• Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously.

This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.

TransUnion Job Title

Consultant, Audit and Advisory