TransUnion's Job Applicant Privacy Notice
What We'll Bring:
Performing audits of cybersecurity and IT practices and controls throughout the organization using an established assessment process and framework.What You'll Bring:
• Assist in developing risk based annual audit plans and actively participate in risk assessment meetings
• Assist manager in coordinating with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of IT and cybersecurity controls over on premise and cloud hosted applications, operating systems, and databases as well as the network infrastructure
• Execute audits and advisory projects by analyzing, testing and evaluating organization’s control environment by using a blend of traditional sampling and data analytics/ automation.
• Perform detailed assessments of key system implementations and cloud migrations
• Where necessary, lead engagements and communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks
• Document detailed results of audit procedures performed that support the conclusions reached
• Prepare draft audit reports based on the adequacy and effectiveness of controls evaluated
• Analyze information security areas including governance and risk management, access and password controls, cloud and cybersecurity, physical security, system security architecture and design, business continuity, disaster recovery, network security, application & operations security, incident management, documentation, including data migrations and system implementations
• Track and monitor open audit issues for remediation by working with process owners
• Research security trends, threats, and prevention technologies
• Participate in departmental initiatives, administrative matters, and special projects
The essential duties are as follows:
• Assist in developing risk based annual audit plans and actively participate in risk assessment meetings
• Assist manager in coordinating with process owners to initiate, scope, plan, and conduct periodic controls assessments to identify areas of risk by evaluating the design and operating effectiveness of IT and cybersecurity controls over on premise and cloud hosted applications, operating systems, and databases as well as the network infrastructure
• Execute audits and advisory projects by analyzing, testing and evaluating organization’s control environment by using a blend of traditional sampling and data analytics/ automation.
• Perform detailed assessments of key system implementations and cloud migrations
• Where necessary, lead engagements and communicate issues to process owners, ensuring their understanding of associated risks and the actions needed to remediate those risks
• Document detailed results of audit procedures performed that support the conclusions reached
• Prepare draft audit reports based on the adequacy and effectiveness of controls evaluated
• Analyze information security areas including governance and risk management, access and password controls, cloud and cybersecurity, physical security, system security architecture and design, business continuity, disaster recovery, network security, application & operations security, incident management, documentation, including data migrations and system implementations
• Track and monitor open audit issues for remediation by working with process owners
• Research security trends, threats, and prevention technologies
• Participate in departmental initiatives, administrative matters, and special projects
Impact You'll Make:
- 4 – 5 years of experience in an IT Audit, IT Assessor, or Information Security role with minimum of 2 years in a Public Accounting Firm
- Bachelor’s degree in computer science, management information systems or related field
- Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of Information Security areas/domains. These include governance & risk management, access control, cybersecurity, cloud-based architecture & security, physical security, security architecture and design, business continuity/disaster recovery, network security, application & operations security and compliance/incident management
- Demonstrated ability to understand complex technologies, business processes, regulations and emerging risks
- Ability to run audit related reports within workflow systems, IAM and security logging tools such as BMC Remedy, Sailpoint IIQ and Splunk respectively
- Strong understanding of IT & security frameworks including NIST 800.53 & CSF, CIS, ISO and COBIT
- Strong technical and/or IT audit background with practical knowledge of a wide variety of technologies including server infrastructure & operating systems, network & web infrastructures, database architecture, vulnerability assessment and intrusion detection/prevention systems, both physical and on-cloud
- Self-starter with the ability to manage and prioritize responsibilities
- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
- Experience in using AuditBoard Ops Audit as audit management tool
- Strong ability to interact and communicate both written and verbally with process owners, both technical and non-technical, in a dynamic environment where interactions are not always in person
- Strong risk analysis and problem-solving skills
- Must be flexible to ensure assessments are performed timely and be able to manage multiple assessments simultaneously
- Should be flexible and able to pivot at short notice for matters that need urgent attention
Industry certification such as CISSP or CISA required
This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.TransUnion Job Title
Specialist II, Audit and Advisory