It/cybersecurity Senior Auditor

What We ll Bring TransUnion works with businesses and consumers to gather analyze and deliver critical information needed to build strong economies around the world Protection of that information is critical to our customers and business As part of our 2020 transformation journey we became Global Audit Advisory GAA formerly Internal Audit As a Specialist III you will be part of the GAA team and be responsible for conducting Cybersecurity and IT audit engagements throughout the organization that support business objectives best practices and regulatory requirements The incumbent will be responsible for the planning execution reporting and follow-up on all audit engagements by participating on an audit team or at times independently leading engagements under the direction of GAA Management This position will report directly to the Senior Lead and will work closely with other GAA Team Associates on key projects and initiatives as well as coordinate closely with our external auditors The Global Audit Advisory team is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of TU GAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization s risk management control and governance processes GAA collaborates with the Business Units Functional leadership and their Associates in developing strong professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness What You ll Bring Perform detailed examinations of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework The essential duties are as follows Independently perform Information technology IT security reviews Initiate scope plan research and conduct IT controls assessments and audits Lead and coordinate with process owners to initiate scope plan and execute periodic controls assessments as part of the internal audit function focusing on identifying risks by evaluating the design and operating effectiveness of internal controls Actively support security audit initiatives by aligning audit procedures with cybersecurity frameworks e g NIST ISO 27001 etc conducting control walkthroughs testing IT security and IT general and application controls and assessing compliance with internal security policies Document the results of audit procedures performed that support the conclusions reached Prepare audit reports based on the adequacy and effectiveness of controls evaluated Support external audits and regulatory examinations as needed Analyze information security areas including but not limited to these governance and risk management access and password controls cloud security cybersecurity physical security system security architecture and design BCP and Disaster Recovery network security application and operations security Incident Management data migrations and system implementations etc Lead engagement and communicate issues to process owners ensuring understanding of risks and actions needed to remediate risks and subsequently track remediation activities Cross train members of the Global Audit Team including new hires and mentor junior IT staff Continuously monitor emerging security trends and evolving threat landscapes through ongoing research and professional development Insights gained are integrated into the audit universe to ensure risk assessments and audit planning remain current and aligned with the organization s security posture Perform risk assessments and assist in the development of the annual audit plan Participate in departmental initiatives administrative matters and special projects Assist with other audit engagements as needed to broaden exposure across various risk areas and support the timely execution of the overall audit plan Impact You ll Make What You Will Bring 6 - 10 years of experience in an IT Security Audit and Assessment or Information Security Technical Management and or Governance role Bachelor s or Master s degree in computer science information technology management information systems or related field Industry certification such as CISSP CISA CISM CEH and or CIA required Experience with Cloud Security audits AWS Azure GCP Knowledge of data protection laws and industry standards Familiarity with GRC platforms e g AuditBoard Onspring Archer Demonstrated in-depth knowledge of concepts best practices and controls in a breadth of Information Security areas domains These include governance risk management access control cybersecurity physical security security architecture and design business continuity disaster recovery network security application and operations security and compliance incident management Demonstrated ability to understand complex technologies business processes regulations and emerging risks Strong technical and or IT and Security audit background with practical knowledge of a wide variety of technologies including server infrastructure and operating systems network and web infrastructures database architecture vulnerability and penetration testing assessment and Intrusion Detection Prevention Systems Good understanding of SOX legislation and IT and Security frameworks including COSO and COBIT Self-starter with the ability to manage and prioritize responsibilities Team player with proven skills in influencing people without having direct management authority Self-driven performer with established skills in tracking self and project performance anticipating and recognizing problems and escalating issues appropriately Strong ability to interact and communicate both written and verbally with people at all levels both technical and non-technical in a dynamic environment where interactions are not always in person Strong risk analysis and problem solving skills Must be flexible to ensure assessments are performed timely and manage multiple assessments simultaneously This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week TransUnion Job Title Consultant Audit and Advisory