Information & Cyber Security Attorney

TransUnion’s Legal team supports the company’s global business by providing strategic legal guidance that enables innovation, protects the company, and ensures compliance with applicable laws and regulations. This team partners closely with Global Information Security, Technology, Compliance, and business leaders to manage legal risk and support secure, scalable operations.

This role exists to provide dedicated legal counsel for information security and cybersecurity matters, ensuring TransUnion’s security practices, vendor relationships, and technology operations meet global regulatory requirements and industry best practices.

• Review, draft, and negotiate security‑related provisions in contracts with TransUnion vendors and other third parties.
• Advise Global Information Security and Global Technology teams on domestic and international laws, regulations, and standards impacting security operations.
• Partner with cross‑functional teams, including senior business and legal stakeholders, to provide cybersecurity and information security legal guidance supporting operations and new initiatives.
• Collaborate with Tech Risk Governance, Insider Threat, Vulnerability Management, and Incident Response teams to assess, manage, and resolve security risks, threats, and vulnerabilities.
• Support TransUnion’s Global Compliance team on security audits, regulatory examinations, and related compliance matters.
• Monitor and advise on changes in laws, regulations, and industry standards that may impact TransUnion’s short‑ and long‑term security and business strategy.
• Provide clear, practical guidance to senior leaders, including the General Counsel, on cybersecurity‑related legal and risk considerations.

• Strong understanding of information security risk assessment, risk management, and governance to effectively advise on legal and regulatory risk and control alignment.
• Demonstrated experience with industry frameworks and standards such as NIST Cybersecurity Framework, SSAE 16, PCI, and ISO 27001/27002, and how these are applied within regulated environments.
• Juris Doctor (JD) degree with 4–6 years of experience practicing law, preferably within a financial services, insurance, technology, or highly regulated environment.
• Proven ability to build strong relationships and effectively collaborate with peers, business leaders, and legal stakeholders at all levels of the organization.

• Knowledge of information security and cybersecurity governance models and control frameworks.
• Ability to interpret and apply regulatory requirements to cybersecurity and technology operations.
• Experience supporting security audits, regulatory engagements, and contractual security obligations.

• Enjoy day‑one eligibility for medical, dental, and vision coverage, plus supplemental plan options.
• Company‑paid basic life and AD&D, optional voluntary life and AD&D for you and your family, and short‑ and long‑term disability.
• Access Dependent Care FSA for possibility of an employer match, a complimentary Care@Work membership, and up to 12 weeks of paid parental leave.
• Build toward what’s next with our 401(k) with employer match and Employee Stock Purchase Plan (ESPP).
• Grow and recharge with tuition reimbursement, flexible time off, up to 12 paid holidays per year, and employee discounts.
• Access 24/7 support including professional therapy, coaching, and emotional well‑being programs.

We are committed to being a place where diversity is not only present, it is embraced. As an equal opportunity employer, all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, age, disability status, veteran status, genetic information, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.

Pay Scale Information: The U.S. base salary range for this position is $112,500.00 – $187,500 annually.