Director Information Security

TransUnion

Yesterday

  • Job
    Full-time
    Expert Level
  • IT & Cybersecurity
  • Johannesburg

AI generated summary

  • You must have 12+ years in risk management/security, 10+ in management, relevant degree, certifications (CISSP/CISM), strong leadership, vendor management experience, and knowledge of compliance and security technologies.
  • You will lead enterprise security, manage risk assessments, drive security projects, oversee compliance, report on security posture, and support incident responses while engaging with stakeholders.

Requirements

  • 12+ years of extensive experience in risk management, information security and IT
  • 10 years of Information Security Management
  • Degree in Business Administration or a technology-related field required
  • Professional security management certification in Information Security / Cyber Security or industry qualifications (CISSP, CISM, CISA, CCSP)
  • Strong leadership, project management skills, time management, and problem-solving skills
  • Ability to work in a virtual, global matrix organization
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Experience working with local and regional regulators and authorities such as the National Credit Regulator & the Information Regulator to ensure compliance with local regulations
  • Experience with contract and vendor negotiations and management including managed services
  • Experience with designing, developing and implementing security processes, controls and technologies
  • Working experience with information security solutions in areas such as Identity Management, Vulnerability Management, Content Filtering, DLP, IDS/IPS, FIM and Incident Response
  • Working knowledge of industry frameworks and standards such as SSAE 18, PCI DSS, and ISO 27001
  • Knowledge of information security in Windows and Linux operating systems as well as TCP/IP networks
  • Understanding of web application and product security controls
  • Experience with performing system audits and security assessments, and in interfacing with external auditors
  • Experience with reporting security metrics (dashboards, KPIs, KRIs)
  • Ability to operate as an information security business partner and advisor to senior executives and, where necessary, a hands-on contributor on technology deployments and other projects
  • This is a hybrid position and involves regular performance of job responsibilities virtually as well as in-person at an assigned TU office location for a minimum of two days a week.

Responsibilities

  • Responsible for enterprise-wide security in the Business Unit; as such, you will effectively be the Chief Information Security Officer for the BU, interfacing with TU’s key stakeholders in the African region and other international locations, as well as the Global Information Security group.
  • Operate in a matrix organization with functional alignment into Global Information Security and dotted reporting into the regional Technology organization.
  • Work directly with business unit leaders to facilitate risk assessment and risk management processes.
  • In close collaboration with local IT, PMO, and Global Information Security, drive execution of Information Security projects, including technology deployments, ongoing security assessments and other risk management activities as per TU’s Information Security strategy and plan.
  • Maintain and enhance an information security management system in accordance with ISO 27001 standards.
  • Support and develop the information security strategy, risk management initiatives, and become a trusted advisor and thought leader to meet business, client and regulatory demands.
  • Understand and interact with related disciplines through regulatory forums, committees, and business engagements to ensure the consistent application of policies and standards across all technology projects, systems and services.
  • Provide leadership, oversight and performance management to the organization’s geographically distributed information security department, including coaching and motivation for high performance.
  • Maintain accountability for the Information Security budget in the region.
  • Facilitate certifications, as necessary and determined by the business or Global Information Security, for SSAE 18, PCI DSS and ISO 27001.
  • Partner with business stakeholders across the company to raise awareness of risk management concerns and to drive and influence their resolution.
  • Work within the project and resource prioritization process to ensure security projects and efforts are represented, prioritized and executed.
  • On a regular basis, report status of security posture and progress against objectives to senior management in Global Information Security and regional IT.
  • Maintain a thorough understanding of current security deviations, open assessment and audit findings, and vulnerabilities in TU’s security posture.
  • Mobilize and support regional responses to threats and incident investigations in an effective and timely manner.
  • In conjunction and coordination with Global Information Security, maintain and test the incident response process and ensure its continued integration with regional and global escalation protocols.
  • Oversee the completion of security audits by customers and data providers.
  • Prepare and contribute to periodic communications and presentations to local TU business and functional leaders regarding regional security posture and direction.
  • Complete annual planning process through ownership and accountability for BU plans for Information Security that align with global strategy but reflect nuances of local needs, where appropriate.
  • Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems.

FAQs

What is the main responsibility of the Director of Information Security at TransUnion?

The main responsibility is to lead the Information Security function across TransUnion Africa, driving the execution of the regional Information Security strategy and overseeing the local Information Security team.

How many years of experience are required for this position?

A minimum of 12 years of extensive experience in risk management, information security, and IT is required.

What educational background is necessary for this role?

A degree in Business Administration or a technology-related field is required for this role.

Is a specific certification required for the Director of Information Security position?

Yes, a professional security management certification in Information Security / Cyber Security or industry qualifications such as CISSP, CISM, CISA, or CCSP is required.

What kind of team will the Director of Information Security oversee?

The Director will provide leadership, oversight, and performance management to the organization's geographically distributed information security department.

What are the key skills needed for this position?

Strong leadership, project management skills, time management, problem-solving abilities, and innovative thinking are key skills needed for this position.

How does this role interact with other departments and stakeholders?

The role involves interfacing with senior IT, business, customer, and regulatory leaders, and working closely with business unit leaders to facilitate risk assessment and management processes.

Will the Director need to manage a budget?

Yes, the Director will maintain accountability for the Information Security budget in the region.

What are the expectations for reporting in this role?

The Director is expected to regularly report the status of the security posture and progress against objectives to senior management in Global Information Security and regional IT.

How often is in-person attendance required?

This is a hybrid position, requiring in-person attendance at an assigned TU office location for a minimum of two days a week.

What are some of the compliance standards the Director will work with?

The Director will work with compliance standards such as SSAE 18, PCI DSS, and ISO 27001.

Can the Director expect to work with local and regional regulators?

Yes, experience working with local and regional regulators and authorities to ensure compliance with local regulations is necessary for this role.

Is previous experience with auditing and security assessments required?

Yes, the Director should have experience performing system audits and security assessments, as well as interfacing with external auditors.

What is the scope of the Information Security management program?

The scope of the program spans eight African countries.

Will this role require hands-on technical contributions?

Yes, the Director must be able to operate as an information security business partner to senior executives and, when necessary, a hands-on contributor on technology deployments and other projects.

Industry: Consulting
Employees: 10,001+

Mission & Purpose

TransUnion is a global information and insights company that makes trust possible in the modern economy. We do this by providing an actionable picture of each person so they can be reliably represented in the marketplace. As a result, businesses and consumers can transact with confidence and achieve great things. This picture is grounded in our legacy as a credit reporting agency which enables us to tap into both credit and public record data; our data fusion methodology that helps us link, match and tap into the awesome combined power of that data; and our knowledgeable and passionate team, who stewards the information with expertise, and in accordance with local legislation around the world. A leading presence in more than 30 countries across five continents, TransUnion provides solutions that help create economic opportunity, great experiences and personal empowerment for hundreds of millions of people. We call this Information for Good®—it’s our purpose, and what drives us every day.