Risk Specialist

What does a successful Risk Professional Enterprise Risk and Controls do at Fiserv?

Fiserv is seeking a skilled risk and compliance professional to join its Enterprise Risk and Controls team. This dynamic role spans multiple responsibilities, including Third Party Risk Assessments for vendors and support for PCI and SOC audits as part of the organization's Third-Party Audit initiatives. The position is ideal for professionals who are adaptable and eager to contribute across various risk programs within the department.

What you will do:

• The role primarily centers on contributing to the Third-Party Risk Management (TPRM) function. It involves gaining a comprehensive understanding of security policies, standards, and related processes within the scope of the TPRM program. Leveraging strong assessment capabilities, you will ensure that vendor-related risks are effectively identified, evaluated, mitigated, and continuously monitored to uphold the highest standards of security and compliance.
• Experience in the domains such as risk and compliance, information security.
• Driving collaboration between cross-functional stakeholders and facilitating strong partnership with Fiserv Business Units.
• Capability of contributing to TRPM Risk transformation projects in alignment with organization strategy.
• Ability to perform due diligence independently on vendor outsourcings.
• Responsible for independently conducting third-party risk assessment in line with security standards, practices encompassing people, process, and technology controls.
• Proficient in reviewing documentation including but not limited to security policies, processes, SOPs, third party audit/assurance reports including SOC 2, PCI AOC/ROC/ROV/SAQ, ISAE, ISMS, penetration testing, vulnerability scanning reports to identify gaps/exceptions.
• Responsible for monitoring, tracking risks through closure by collaborating with multiple constituents including internal and external stakeholders; ensuring auditable results are maintained throughout the engagement.
• Ensure accurate and timely review; responsible for well-written observations, and walking stakeholders through the process lifecycle as needed.
• Participate in regional and global TPRM governance forums and liaise with business stakeholders. Document and maintain the relevant documentation.
• Establish trust and credibility with key partners; develop and foster constructive professional relationships with multiple stakeholders including but not limited to executive and line management, risk officers, risk contacts and third-party contacts.
• Work on vendor events, liaison with business stakeholders and follow-up with vendors.
• Shift – 1 PM to 10 PM IST

What you will need to have:

• Bachelor's Or Master's degree from an accredited university is preferred, equivalent work experience will be considered.
• Experience in IT Risk and Compliance Management or Information Security domain.
• Good interpersonal, written/verbal communication, and organizational skills.
• Ability to handle internal and external discussions/interactions issues in a professional, assertive, and proactive manner
• Ability to work effectively within a matrixed organization.
• Strong organizational and time management skills with Global stakeholder management.
• Strong MS office skills (Microsoft Excel, Word, PowerPoint, and SharePoint).
• Exposure to GRC ( Governance, Risk and Compliance tools).

What would be great to have:

• Financial services experience, including working in regulated environments.
• Knowledge of IT audit, ISO 27001, ITIL, Vendor Risk Management process.
• Ability to interact across all levels of management.
• A successful track record for delivering results in a timely manner.
• Industry Certifications: CISA, CRISC, CTPRA, ISO 27001 LA/LI, ISO 31000 or equivalent etc.).