Senior Director, Technology & Security Risk Management & Compliance

TransUnion's Job Applicant Privacy Notice
Personal Information We Collect
Your Privacy Choices
What We'll Bring:
At TransUnion we have a welcoming and energetic environment that encourages collaboration and innovation - we're constantly exploring new technologies and tools to be agile. This environment gives our people the opportunity to hone current skills and build new capabilities, while discovering their genius. Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.
Come be a part of our team - you'll work with great people, pioneering products and cutting-edge technology.
Risk & Compliance (R&C) plays a key role in the Company's risk management governance, policies, and processes. R&C ensures risk is proactively identified, managed, mitigated, and governed in accordance with the enterprise risk management framework and in keeping with the Company's risk appetite. R&C is a core component of the second line in the Company's implementation of the three lines model of risk management.
The role will focus on Technology & Security Risk Management and Compliance for TransUnion and reside within the company's Risk Management Team, a Second Line of Defense function. This role requires a technical depth in technology risk and information security risks and controls. This role will lead a team responsible for performing check and challenge to the controls put in place by the first line Technology and Information Security business areas of the company. This role will partner with colleagues across all lines of defense, proactively identifying, assessing, and driving mitigation of technology and security risks that impact the Company's Operational Resilience. As a partner and trusted advisor to Technology and Information Security, you will participate directly with business unit leadership in establishing strategic direction and business plans and help align the initiatives undertaken by Risk and Compliance with the business's strategic operating plans to ensure appropriate assurance.
The Sr. Director will be a leader, providing compliance advice and support, ensuring oversight and assurance activities are being performed by their team to validate that relevant technology and information security risks are identified and appropriately managed, bringing awareness to risk and control issues, driving development of comprehensive solutions and improvements to controls to mitigate risk, providing complementary subject matter and risk management expertise throughout the risk lifecycle, and ensuring risk is managed in keeping with the Company's risk appetite.
What You'll Bring:

• 8+ years' experience in related roles such as risk management, compliance, audit, and information security, with specific focus on technology and information security.
• Expertise in information security domains and risks in areas such as threat modeling, security architecture, identity and access management, secure system development lifecycle, application security, and vulnerability management.
• Excellent communications skills, with the ability to effectively interface with senior management, regulators, and external entities.
• People management skills, strong leadership, influencing, and relationship-building skills.
• Excellent analytical and problem-solving abilities, with a keen attention to detail and a results-oriented mindset.
• Strong project management skills and are comfortable with organizing and managing multiple priorities and deadlines concurrently.
• Relevant certifications such as CISSP, CGRC, CCSP, CISA, CISM, CCEP & CRISC.
• Experience working in financial services or other regulated industry.
• Bachelor's degree in a relevant discipline.

Impact You'll Make:

• This role will have opportunities to work with senior leaders and teams across multiple areas of the Company such as technology, information security, R&C, legal, privacy, internal audit, procurement, and the business units, across multiple solutions and products around the world.
• You will establish the strategic and tactical focus for the second line IT assurance team, ensuring alignment with the overall enterprise risk management framework and compliance priorities.
• You will take a lead role in the oversight of technology and information security risk management activities to ensure policies, processes, and practices meet requirements and are consistent with industry standards and best practices. You will maintain appropriate reporting and ensure escalation of any gaps or opportunities for improvement.
• You and your team will analyze technology and information security controls and processes to ensure identified risks are effectively mitigated. You will provide assurance and identify gaps or opportunities for improvement. Controls and processes include but are not limited to: incident response, asset inventory, vulnerability management, patch management, application security, logging and monitoring, findings governance and remediation, identity and access management, configuration management, and change management.
• You will oversee risk assessments performing critical analysis as necessary and monitor data used to identify heightened risk and help develop risk remediation recommendations.

#LI-KJ1
This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.
Benefits:
TransUnion provides flexible benefits including flexible time off for exempt associates, paid time off for non-exempt associates, tuition reimbursement, additional (following any short-term disability) 10 weeks of parental leave with gradual return, adoption assistance, fertility coverage, spousal and domestic partner benefits, charity gift matching, employee stock purchase plan, retirement contributions with employer match, organizational growth potential through our online learning platform with guided career tracks, and access to TransUnion's Employee Resource Groups.
We are committed to being a place where diversity is not only present, it is embraced. As an equal opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, genetic information, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.
TransUnion's Internal Job Title:
Sr Director, Risk Management