TransUnion's Job Applicant Privacy Notice
What We'll Bring:
We are one of India’s leading credit information companies, with one of the largest collections of consumer information. We aim to be more than just a credit reporting agency. We are a sophisticated, global risk information provider striving to use information for good. We take immense pride in playing a pivotal role in catalyzing the BFSI industry in the country. We got here by tapping into our excitement and passion for making a difference in the lives of our clients and consumers.
We at TransUnion CIBIL are an equal opportunity employer and are committed to a policy of treating all our associates and job applicants equally. Applicants are evaluated on the basis of job qualification - not race, color, sex / gender, religion, caste, national origin, age, disability, marital status, citizenship status, sexual orientation, gender identity or any other status, whether or not protected. We are committed to taking affirmative action to employ and advance minorities, women, and qualified disabled individuals. We ensure a safe, productive, and harassment-free workplace for all.
Culture and Values
Our culture is welcoming, energetic, and innovative. There’s an overall synergy that flows throughout the company, creating a sense of connection, belonging and unity in knowing that we’re all working to achieve the same overall goal. Our core values, which we live by every day, are Integrity, People, Customer, and Innovation.
https://www.transunion.com/privacy/global-job-applicant
What is excitement and passion for us?
We define it as a blend of curiosity, the ability to unlearn and yet continuously learn, the ability to connect with meaning, and finally the drive to execute ideas until the last mile is achieved. This passion helps us focus on continuous improvement, creative problem solving and collaboration, which ensures delivery excellence.
Dynamics of the Role
This is an exciting time at TransUnion CIBIL. With investments in our people, technology and new business markets, we are redefining the role and purpose of a credit bureau.
What You'll Bring:
Security Risk Assessment and Assurance -
- Develop and maintain the organization’s security governance framework, including policies, procedures, and standards that align with industry best practices (e.g., ISO 27001, NIST).
- Drive and collaborate on certification compliance on key industry frameworks such as ISO 27001, PCI-DSS, SOC1 and SOC2.
- Ensure consistent implementation and enforcement of security policies across the organization, driving compliance with internal and external security standards.
- Review new product initiatives and provide feedback
- Lead the development of a comprehensive risk management program to identify, assess, and manage cybersecurity risks across the enterprise.
- Collaborate with key stakeholders to ensure that risk assessments are conducted regularly and that mitigation strategies are in place for high-priority risks.
- Review product-centric legal documentation on the security aspects that vendors, partners and third parties are required to adhere to.
- Provide assurance to B2B Members
- Conduct RCSA and control testing for the Infosec unit on a periodic basis
- Perform security assessments and due diligence for third-party vendors, ensuring contractual obligations and security requirements are met.
- Manage security exceptions and ensure thorough risk assessment
Regulatory and compliance -
- Stay informed about evolving regulatory advisories and compliance requirements.
- Lead internal and external audit processes related to security, ensuring that findings are addressed promptly and effectively.
- Maintain internal activity calendar for assurance
- Regularly review and monitor third-party risks, ensuring ongoing compliance with security policies and regulatory standards.
- Drive the organization-wide security awareness programme, covering content creation and phishing simulation.
- Manage RBI inspections (Department of Supervision, CSITE) and regulatory submissions for infosec requirements along with the compliance team and internal and Group-level stakeholders.
- Align infosec KRI data submissions with various risk and compliance units.
- Handle regulatory queries and ad-hoc submissions through DAKSH and email.
- Assist in preparation for Infosec council, Board presentations and track actionables.
- Act as an SME on infosec regulatory matters for guidance/ clarifications to various functions
Impact You'll Make:
Minimum of 6-8 years of experience in information security, with at least 4 years in a GRC role.
In-depth knowledge of security frameworks (e.g., ISO 27001, NIST, CIS Controls), risk management principles, and compliance regulations.
Strong understanding of risk management methodologies, governance structures, and regulatory compliance requirements.
Good to have: exposure to and fundamental clarity on cloud security.
Exceptional communication and presentation skills, with the ability to engage and influence senior executives and board members.
High-level proficiency in GRC tools, risk assessment methodologies, and security metrics reporting.
This job is assigned as On-Site Essential and requires in-person work at an assigned TU office location as a condition of employment.
TransUnion Job Title
Consultant, InfoSec Risk Management & Governance
