What does a TPRM Risk Assessor do at Fiserv?
Fiserv is looking for a talented risk and compliance professional aligned with the Enterprise, Risk and Controls department to perform Third Party Risk Assessment for vendors supporting Fiserv. Using assessment skills, you will provide the highest level of service to ensure vendor risks are identified, assessed, mitigated and monitored in a timely manner.
What you will do:
- Developing a detailed understanding of security policies, standards, and associated processes as they pertain to the third-party risk management program.
- 3+ years of experience in the Risk and Compliance domain
- Driving collaboration between cross-functional stakeholders and facilitating strong partnership with Fiserv Business Units
- Capability of leading TPRM risk transformation projects in alignment with organization strategy.
- Responsible for conducting third-party risk assessments in line with security standards and practices encompassing people, process and technology controls
- Responsible for metric development and publishing reports to senior management.
- Proficient in reviewing documentation including but not limited to security policies, processes, SOPs, and third-party audit/assurance reports, including SOC 2, PCI AOC/ROC/ROV/SAQ, ISAE, ISMS, penetration testing and vulnerability scanning reports, to identify gaps/exceptions
- Responsible for monitoring and tracking risks through closure by collaborating with multiple constituents, including internal and external stakeholders; ensuring auditable results are maintained throughout the engagement.
- Ensure accurate and timely review; responsible for well-written observations, and walking stakeholders through the process lifecycle as needed
- Create and maintain a repository and data sheets for cyber event and vendor engagement records
- Lead and participate in regional and global TPRM governance forums and liaise with business stakeholders. Document and maintain the relevant documentation.
- Establish trust and credibility with key partners; develop and foster constructive professional relationships with multiple stakeholders including but not limited to executive and line management, risk officers, risk contacts and third-party contacts
- Work on vendor events, liaise with business stakeholders and follow up with vendors
- Mentor and train junior team members on the Vendor Risk Assessment program.
What you will need to have:
- Bachelor’s or Master’s degree from an accredited university is preferred; equivalent work experience will be considered.
- 3+ years of experience in the IT Risk and Compliance Management or Information Security domain
- Good interpersonal, written/verbal communication, and organizational skills
- Ability to confront conflict and difficult issues in a professional, assertive, and proactive manner
- Ability to work effectively within a matrixed organization
- Strong organizational and time management skills with global stakeholder management
- Strong MS Office skills (Microsoft Excel, Word, PowerPoint, and SharePoint)
- Exposure to GRC (Governance, Risk and Compliance) tools
What would be nice to have:
- Financial services experience, including working in highly regulated environments
- Knowledge of IT audit, ISO 27001, ITIL, and the Vendor Risk Management process
- Ability to interact across all levels of management
- Attention to detail with a commitment to high-quality standards
- A successful track record for delivering results in a timely manner
- Preferred Certifications: CISA, CRISC, CTPRA, CTPRP
R-10341975