Security Analyst - Risk & Compliance

21 May 2024

Vacancy expired!

  • Position Type: Full time
  • Type Of Hire: Experienced (relevant combo of work and education)
  • Education Desired: Bachelor of Computer Science
  • Travel Percentage: 25 - 50%

Job Description

Are you curious, motivated, and forward-thinking? At FIS you'll have the opportunity to work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate and above all fun.

About the team:

The FIS Risk, Information Security, and Compliance (RISC) team is responsible for ensuring that our products, our technology, our processes, vendors, and clients meet industry standards for security, compliance, and the protection of sensitive data. Our team works domestically and globally to assess and mitigate the risks that can exist across our organization. Celebrating 50 years of top performance in the FINTECH industry has provided us many opportunities for risk mitigation because after all - "Success always requires a certain amount of RISC."

What you will be doing:

You will be a key part of the Vendor Risk Management - Critical Relationship Management Team. Our primary responsibility is to perform enhanced security focused risk assessments of our most critical third-party relationships. You will be a key part of the team, with responsibility to perform some of the most critical assessments within the team.

Main duties and responsibilities:
  • Support the end-to-end critical relationship management program which includes managing business, security, compliance, and contractual risks associated with working with third-parties.
  • Coordinate the distribution of due diligence questionnaires to the vendors, review submitted questionnaires for completeness, ensure appropriate stakeholders finalize reviews and determine overall risk remediation strategy for issue tracking.
  • Partner with the business stakeholders, third-party vendors and subject matter experts (security, compliance, legal, etc.) to ensure program and processes are successfully executed.
  • As required, support pre- and post-contract vendor due diligence efforts including security risk triage, administration of appropriate security assessments, and issue management/remediation and escalation.
  • Manage a consistently growing continuous monitoring portfolio of vendors to help achieve the objective of maintaining visibility into the risk landscape of the organization's most critical third parties.
  • Identify, prioritize and pursue opportunities to enhance the CRM processes.
  • Contribute to the development of detailed procedural documents and ensure alignment of CRM with applicable regulatory requirements globally.

What you bring:

  • A minimum of 3 years of relevant risk management work experience, with at least 2+ years in security.
  • Exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives
  • Good understanding of security risk management, integration with enterprise risk management, and the integration with business strategy
  • Knowledge of and experience with GRC platforms such as ServiceNow and/or Archer would be very beneficial
  • Knowledge of security and compliance control frameworks of NIST, CIS, SOX, SOC, GDPR, ISO, COBIT
  • Experience performing business analysis, documenting requirements, and implementing solutions on industry-standard information governance
  • Assist in the development of actionable reporting and KPIs.
  • Support the design, implementation, maintenance, and enforcement of third-party security risk management policies, procedures, and controls
  • Oversee the execution of critical relationship management program in client engagements
  • Provide oversight in the development and execution of third-party security risk assessment criteria
  • Lead new initiatives to continue to expand and improve the overarching CRM program and work with senior stakeholders to promote value and continued awareness
  • Self-starter with attention to detail and ability to manage multiple projects, delivering timely, exceptional, and complete projects.

Added bonus if you have:
  • Hands-on experience with regulatory or authoritative regulatory source control libraries for the development of information security policies
  • Effective verbal and written communication skills with the ability to take complex information and present to all levels of management, staff, clients and vendors.
  • The ability to translate technical language into business terms
  • Demonstrated experience in supporting corporate programs
  • Demonstrated experience building process and training documentation for information security policy stakeholders
  • Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations, incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, technical support, or business continuity

What we offer you:
  • A multifaceted job with a high degree of responsibility and a broad spectrum of opportunities
  • The chance to work on some of the most challenging, relevant issues in financial services & technology
  • A work environment built on collaboration, flexibility and respect

Vaccination Requirements

Notice to all US applicants: All employees must be fully vaccinated against COVID-19. Individuals with a disability (including a medical condition) or sincerely held religious beliefs or practices that prevent them from getting the vaccine may request an exemption from the vaccine requirement.

Privacy Statement

FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice.

EEOC Statement

FIS is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, genetic information, national origin, disability, veteran status, and other protected characteristics. The EEO is the Law poster is available here; the supplement document is available here.

For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will be required to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.

Sourcing Model

Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.
