TransUnion's Job Applicant Privacy Notice

What We'll Bring:

Performing audits of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework.

What You'll Bring:

•    Assist in developing risk based annual audit plans and actively participate in risk assessment meetings
•    Assist manager in coordinating with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of IT and cybersecurity controls over on premise and cloud hosted applications, operating systems, and databases as well as the network infrastructure
•    Execute audits and advisory projects by analyzing, testing and evaluating organization’s control environment by using a blend of traditional sampling and data analytics/ automation.
•    Perform detailed assessments of key system implementations and cloud migrations
•    Where necessary, lead engagements and communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks 
•    Document detailed results of audit procedures performed that support the conclusions reached
•    Prepare draft audit reports based on the adequacy and effectiveness of controls evaluated
•    Analyze information security areas including governance and risk management, access and password controls, cloud and cybersecurity, physical security, system security architecture and design, business continuity, disaster recovery, network security, application & operations security, incident management, documentation, including data migrations and system implementations
•    Track and monitor open audit issues for remediation by working with process owners
•    Research security trends, threats, and prevention technologies
•    Participate in departmental initiatives, administrative matters, and special projects 

The essential duties are as follows:
•    Assist in developing risk based annual audit plans and actively participate in risk assessment meetings
•    Assist manager in coordinating with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of IT and cybersecurity controls over on premise and cloud hosted applications, operating systems, and databases as well as the network infrastructure
•    Execute audits and advisory projects by analyzing, testing and evaluating organization’s control environment by using a blend of traditional sampling and data analytics/ automation.
•    Perform detailed assessments of key system implementations and cloud migrations
•    Where necessary, lead engagements and communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks 
•    Document detailed results of audit procedures performed that support the conclusions reached
•    Prepare draft audit reports based on the adequacy and effectiveness of controls evaluated
•    Analyze information security areas including governance and risk management, access and password controls, cloud and cybersecurity, physical security, system security architecture and design, business continuity, disaster recovery, network security, application & operations security, incident management, documentation, including data migrations and system implementations
•    Track and monitor open audit issues for remediation by working with process owners
•    Research security trends, threats, and prevention technologies
•    Participate in departmental initiatives, administrative matters, and special projects 

Impact You'll Make:

4 – 5 years of experience in an IT Audit, IT Assessor, or Information Security role with minimum of 2 years in a Public Accounting FirmBachelor’s degree in computer science, management information systems or related fieldDemonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, cloud-based architecture & security, physical security, security architecture and design, business continuity/disaster recovery, network security, application & operations security and compliance/incident managementDemonstrated ability to understand complex technologies, business processes, regulations and emerging risksAbility to run audit related reports within workflow systems, IAM and security logging tools such as BMC Remedy, Sailpoint IIQ and Splunk respectivelyStrong understanding of IT & security frameworks including NIST 800.53 & CSF, CIS, ISO and COBITStrong technical and/or IT audit background with practical knowledge of a wide variety of technologies including server infrastructure & operating systems, network & web infrastructures, database architecture, vulnerability assessment and intrusion detection/prevention systems, both physical and on-cloudSelf-starter with the ability to manage and prioritize responsibilitiesSelf-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriatelyExperience in using AuditBoard Ops Audit as audit management toolStrong ability to interact and communicate both written and verbally with process owners, both technical and non-technical, in a dynamic environment where interactions are not always in personStrong risk analysis and problem-solving skillsMust be flexible to ensure assessments are performed timely and be able to manage multiple assessments simultaneouslyShould be flexible and able to pivot at short notice for matters that need urgent attention

Industry certification such as CISSP or CISA required  

This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.

TransUnion Job Title

Specialist II, Audit and Advisory