What Does TPRM Risk Assessor do at Fiserv?

Fiserv is looking for a talented risk and compliance professional aligned with Enterprise, Risk and Controls department to perform Third Party Risk Assessment for vendors supporting Fiserv. Using assessment skills, you will provide the highest level of service to ensure vendor risks are identified, assessed, mitigated and monitored in a timely manner.

What You Will Do

• Developing detailed understanding of security policies, standards, and associated processes as it pertains to third party risk management
• 3-5 years of experience in Risk and Compliance domain
• Driving collaboration between cross-functional stakeholders and facilitating strong partnership with Fiserv Business Units
• Responsible for independently conducting third-party risk assessment in line with security standards, practices encompassing people, process and technology controls
• Proficient in reviewing documentation including but not limited to security policies, processes, SOPs, third party audit/assurance reports including SOC 2, PCI AOC/ROC/ROV/SAQ, ISAE, ISMS, penetration testing, vulnerability scanning reports to identify gaps/exceptions
• Responsible for monitoring, tracking risks through closure by collaborating with multiple constituents including internal and external stakeholders; ensuring auditable results are maintained throughout the engagement
• Ensure accurate and timely review; responsible for well-written observations, and walking stakeholders through the process lifecycle as needed
• Maintain and create repository and data sheets for cyber events and vendor engagements records
• Establish trust and credibility with key partners; develop and foster constructive professional relationships with multiple stakeholders including but not limited to executive and line management, risk officers, risk contacts and third-party contacts
• Work on vendor events, liaison with business stakeholders and follow-up with vendors

What You Will Need To Have

• Bachelor’s Or Master’s degree from an accredited university is preferred, equivalent work experience will be considered.
• 3 - 6 years of experience in Risk Management or Information Security domain
• Good interpersonal, written/verbal communication, and organizational skills
• Ability to confront conflict and difficult issues in a professional, assertive, and proactive manner
• Ability to work effectively within a matrixed organization
• Strong organizational and time management skill with Global stakeholder management
• Strong MS office skills (Microsoft Excel, Word, PowerPoint, and SharePoint)
• Exposure to GRC ( Governance, Risk and Compliance tools)

What Would Be Nice To Have

• Financial services experience, including working in highly regulated environments
• Knowledge of IT audit, ISO 27001, ITIL, Vendor Risk Management process
• Ability to interact across all levels of management
• Attention to detail with a commitment to high-quality standards
• A successful track record for delivering results in a timely manner
• Industry Certifications (ISO 27001 LA/LI, CISA etc)