What will you do:
ERC is responsible for managing risk across Fiserv by providing governance and oversight to maintain a robust control environment, develop innovative risk management solutions and identify, assess, and mitigate/control risks. As a result, the ERC team is able to help Fiserv LOBs protect their business, win new business, continue to cement and advance relationships, and facilitate client oversight.
What will you need to know:
The Third Party Audit (TPA) team is charged with monitoring adherence to internal Fiserv controls, frameworks, requirements, regulations, and standards in collaboration with cross functional teams and other relevant functions required to assure success in each engagement.
The TPA team:
- May facilitate and/or participate in the support of periodic internal and external audit / assessments aimed at identifying operational / security / IT risks and concerns.
- Facilitates and participates in the support of corporate, external and client audit engagements and communicates these findings to executive management in a timely manner.
- Assists in assessing how the unit addresses (or will address) challenges/changes with internal and external standards, controls, and frameworks, while promoting consistency of approach and sharing of best practices in an effort to promulgate enterprise solutions to common issues.
Job Responsibilities:
- Regular interactions with the assessors to discuss audit results and progress.
- Participates in meetings with process and control owners to discuss test and/or audit scoping, testing progress, and results.
- Oversees, as requested, audit activities relating to PCI-DSS, PCI PIN, PCI Card Production, PA-DSS, and SOC 1 & 2 audits, ensuring work and deliverables are in accordance with agreed-upon timeframes and departmental procedures, standards, and protocols.
- Leverages key tools and processes intended to manage various large audits in an efficient repeatable fashion, specifically, using consolidated knowledge repositories and workflow-based tools to support evidence collection, audit execution, and finding remediation.
- Communicates appropriately with partners at all levels, including developing and presenting recommendations on processes and controls for the business units.
- Provides periodic program updates on the status of the process for each assigned audit, exam, and assessment.
- Escalates matters requiring senior management attention, on a timely basis.
- Provides support in the execution of engagements.
- Assists and supports special investigations and other initiatives or special projects as requested.
Candidate Qualifications:
- Bachelor's degree preferred, with emphasis in Accounting, Finance, Management, Information Technology, or general business or equivalent field.
- 2 – 4 years of risk management, audit, or industry experience (internal audit, internal controls, risk management, compliance management, regulatory agency, law firm, accounting, technology, or operations).
- Aptitude for risk management and controls.
- Ability to confront conflict and difficult issues in a professional, assertive, and proactive manner.
- Ability to work effectively within a fast-paced, complex organization and interact with all levels of management.
- Self-motivated, adaptable, strong work ethic, and demonstrated team player.
- Analytical, critical thinking, project management, interpersonal, and communication (written, oral, and listening) skills.
- Financial services experience, including working in highly regulated global environments.
- General understanding of global laws, regulations and standards governing technology and financial services industries.
- Technology acumen and aptitude.
- Strong PC skills (Microsoft Excel, Word, PowerPoint and SharePoint).
Preferred Qualifications:
Experience in performing or supporting third party oversight engagements such as:
- Regulatory examinations
- PCI-DSS assessments
- SOC 1 Type II audits
- SOC 2 Type II audits
- Internal Information Technology Audits
Possess an understanding of Information Technology and Information Security concepts. General understanding of laws, regulations (GLBA) and standards (PCI DSS, PA-DSS) governing high tech (NIST). Knowledge of COBIT, ISO 27001, and ITIL.
R-10344112