Information Security Officer US Markets

This Advisor level role at TransUnion focuses on improving information security posture by maturing technical and administrative security capabilities, reducing risks, and ensuring strategic alignment. The Information Security Officer will enable the business unit to manage information security and regulatory risks while driving security maturity across products, infrastructure, and operations. The ideal candidate is a proactive communicator, strategic thinker, and technical expert capable of influencing leadership and cross-functional teams.

Must Have

• Partner with TU Product leadership to embed security-by-design into product architecture, lifecycle, and applications.
• Serve as the trusted cybersecurity advisor for business unit leaders.
• Define and assign acceptable levels of risk and lead the development of risk management strategies.
• Align with enterprise security leaders to scale security through automation and tooling within BU workflows.
• Maintain a deep understanding of BU products, infrastructure, and threat landscapes to inform security decisions.
• Provide guidance on security architecture and engineering, especially in cloud environments (AWS, GCP).
• Provide regular reports on the business unit's security posture and tracking key performance indicators (KPIs) and key risk indicators (KRIs).
• Anticipate needs and create clarity for BU stakeholders regarding top risks and posture status.
• Support TU and enterprise compliance with frameworks and standards such as FedRAMP, FISMA, NIST, ISO 27001, PCI, and SSAE18.
• Deliver security milestones and projects on time.
• Effectively manage matrixed resources and provide consistent status updates.
• 7+ years of experience in cybersecurity, risk management, or governance in a technology-related industry.
• 3+ years of experience PCI-DSS and SOC2 compliance and audit management and execution.
• 2+ years of experience with FedRAMP/FISMA and other regulatory frameworks.
• Strong working knowledge of cybersecurity functions including vulnerability management, incident response, and security engineering.
• Proven ability to influence and negotiate with stakeholders across competing priorities.
• Exceptional communication and interpersonal skills to build trust and alignment with BU and enterprise teams.
• Experience working with global, multidisciplinary teams.
• Bachelor’s degree in a technology-related field.

Good to Have

• CISSP, CISA, or Security+ certification preferred.
• 2+ years of experience in Application Security, Security Architecture, and cloud security (AWS, GCP).

Perks & Benefits

• Environment where associates are in the driver’s seat of their professional development.
• Access to help along the way.
• Encouragement to pursue passions and take ownership of careers.
• Support of colleagues and mentors.
• Tools needed to get where they want to go.
• Opportunity to learn new things and be a leader every day.

What We'll Bring:

At TransUnion, we strive to build an environment where our associates are in the driver’s seat of their professional development, while having access to help along the way. We encourage everyone to pursue passions and take ownership of their careers. With the support of colleagues and mentors, our associates are given the tools needed to get where they want to go. Regardless of job titles, our associates have the opportunity to learn new things and be a leader every day.

In this Advisor level role, you will work to improve information security posture over time by maturing all technical and administrative security capabilities; collecting, prioritizing, reporting on and reducing security risks, and ensuring overall strategic alignment between the BU and TransUnion. The ISO will be responsible for enabling the BU to manage and maintain its information security and regulatory risks while driving security maturity across products, infrastructure, and operations.

The ideal candidate is a proactive communicator, strategic thinker, and technical expert who can influence senior leadership and cross-functional teams.

What You'll Bring:

Impact You’ll Make:

This role will act as a key Advisor of the US Markets Information Security Officer Team and is responsible fo:

• Partnering with TU Product leadership to embed security considerations (security-by-design) into the product architecture, lifecycle, and applications of business projects.
• Serving as the trusted cybersecurity advisor for business unit leaders, providing expert advice on security requirements, risks, and best practices.
• Defining and assigning acceptable levels of risk and lead the development of risk management strategies.
• Aligning with enterprise security leaders to scale security through automation and tooling within BU workflows.
• Maintaining a deep understanding of BU products, infrastructure, and threat landscapes to inform security decisions.
• Providing guidance on security architecture and engineering, especially in cloud environments (AWS, GCP).
• Providing regular reports on the business unit's security posture and tracking key performance indicators (KPIs) and key risk indicators (KRIs).
• Anticipating needs and creating clarity for BU stakeholders regarding top risks and posture status.
• Supporting TU and enterprise compliance with frameworks and standards such as FedRAMP, FISMA, NIST, ISO 27001, PCI, and SSAE18.
• Delivering security milestones and projects on time.
• Effectively managing matrixed resources and providing consistent status updates.

This is a remote, hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.

Impact You'll Make:

What You’ll Bring:

• 7+ years of experience in cybersecurity, risk management, or governance in a technology-related industry.
• 3+ years of experience PCI-DSS and SOC2 compliance and audit management and execution
• 2+ years of experience with FedRAMP/FISMA and other regulatory frameworks.
• Strong working knowledge of cybersecurity functions including vulnerability management, incident response, and security engineering (e.g., WAFs, IPS, endpoint security).
• Proven ability to influence and negotiate with stakeholders across competing priorities.
• Exceptional communication and interpersonal skills to build trust and alignment with BU and enterprise teams.
• Experience working with global, multidisciplinary teams.
• Bachelor’s degree in a technology-related field; CISSP, CISA, or Security+ certification preferred.
• Ability to travel domestically up to 10%.

What We’d Like to See

• 2+ years of experience in Application Security, Security Architecture, and cloud security (AWS, GCP).

This is a remote position which may require occasional in-person attendance at work-related events at the discretion of management.