IT / Cybersecurity Senior Auditor

TransUnion's Job Applicant Privacy Notice

What We'll Bring

TransUnion works with businesses and consumers to gather, analyze, and deliver critical information needed to build strong economies around the world. Protection of that information is critical to our customers and business. As part of our 2020 transformation journey, we became Global Audit & Advisory (GAA), formerly Internal Audit. As a Specialist III you will be part of the GAA team and be responsible for conducting Cybersecurity and IT audit engagements throughout the organization that support business objectives, best practices, and regulatory requirements. The incumbent will be responsible for the planning, execution, reporting, and follow-up on all audit engagements by participating on an audit team or at times independently leading engagements under the direction of GAA Management. This position will report directly to the Senior Lead and will work closely with other GAA Team Associates on key projects and initiatives as well as coordinate closely with our external auditors.

The Global Audit & Advisory team is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of TU. GAA assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's risk management, control and governance processes. GAA collaborates with the Business Units, Functional leadership and their Associates in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value added recommendations that improve efficiency and effectiveness.

What You'll Bring

Perform detailed examinations of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework. The essential duties are as follows :

• Independently perform Information technology (IT) security reviews. Initiate, scope, plan, research and conduct IT controls assessments and audits.
• Lead and coordinate with process owners to initiate, scope, plan, and execute periodic controls assessments as part of the internal audit function, focusing on identifying risks by evaluating the design and operating effectiveness of internal controls. Actively support security audit initiatives by aligning audit procedures with cybersecurity frameworks (e.g., NIST, ISO 27001 etc.), conducting control walkthroughs, testing IT security and IT general and application controls, and assessing compliance with internal security policies.
• Document the results of audit procedures performed that support the conclusions reached.
• Prepare audit reports based on the adequacy and effectiveness of controls evaluated.
• Support external audits and regulatory examinations as needed.
• Analyze information security areas including (but not limited to these) governance and risk management, access and password controls, cloud security, cybersecurity, physical security, system security architecture and design, BCP and Disaster Recovery, network security, application and operations security, Incident Management, data migrations and system implementations etc.
• Lead engagement and communicate issues to process owners, ensuring understanding of risks and actions needed to remediate risks and subsequently track remediation activities.
• Cross train members of the Global Audit Team, including new hires and mentor junior IT staff.
• Continuously monitor emerging security trends and evolving threat landscapes through ongoing research and professional development. Insights gained are integrated into the audit universe to ensure risk assessments and audit planning remain current and aligned with the organization's security posture.
• Perform risk assessments and assist in the development of the annual audit plan.
• Participate in departmental initiatives, administrative matters, and special projects.
• Assist with other audit engagements as needed to broaden exposure across various risk areas and support the timely execution of the overall audit plan.

Impact You'll Make

What You Will Bring :

This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.

TransUnion Job Title

Consultant, Audit and Advisory

Skills Required

it security audit , Archer, Ceh, Information Security, Cisa, Governance, Gcp, COSO, Cobit, Cissp, Azure, CIA, Cism, Aws