Cybersecurity Risk Treatment Manager

Calling all innovators – find your future at Fiserv.

We’re Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants, and consumers to one another millions of times a day – quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we’re involved. If you want to make an impact on a global scale, come make a difference at Fiserv.

Job Title

Cybersecurity Risk Treatment Manager

What does a successful Cybersecurity Risk Treatment Manager do at Fiserv?

You will work as part of a team to assess cybersecurity and technology risks against established frameworks, standards, policies, and methodologies. You will review and recommend risk treatment approaches, controls, and best practices and ensure accurate, timely, and complete documentation of risks in accordance with Fiserv policies, standards, and procedures.

You will focus on multiple types of risk within internal and business-controlled areas of security, technology, and business processes and partner with Corporate Assurance and Advisory Services (CAAS), Enterprise Risk and Compliance (ERC), and Legal as needed.

What you will do:

• Serve on a distributed risk team responsible for reviewing and documenting where security and technology controls are adequate through risk treatment
• Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls
• Work closely with risk management and security leadership, teammates, and stakeholders to evaluate and recommend remediation approaches aligning with organizational risk posture
• Identify strengths and weaknesses in technology and cybersecurity programs and processes as they relate to privacy, security, business resiliency, and compliance frameworks
• Support risk treatment governance through development of processes used to monitor quality, timeliness, and accuracy of risk treatment activities
• Maintain oversight of risks in a GRC-related platform and analyze workflows, design documents, and procedures to identify gaps in risk posture and risk acceptability based on controls
• Create and present risk treatment and recommendation reports to risk management leadership
• Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings, and security gaps

What you will need to have:

• 8+ years’ experience in risk management
• 5+ years’ experience supporting internal audit or controls testing functions
• 5+ years’ administration experience with IT general controls, cybersecurity pillars, third-party risk management, and business resiliency
• 3+ years’ experience in regulatory requirements and laws such as PCI, FFIEC, Sarbanes-Oxley Act (SOX), HIPAA, GDPR, and GLBA.
• 3 years’ experience in vulnerability and configuration management
• 2+ years’ experience in service design, delivery concepts, and control frameworks
• Experience in one or more of ISO 17799, ITIL, and NIST
• Bachelor’s degree in computer science, IT security, or a related field, or an equivalent combination of education, work, and military experience

What would be great to have:

• Certifications in one or more of the following: CIA, CRISC, CISSP, CISA, CGEIT, GCCC, GSEC and GISP

#LI-RM1

This role is not eligible to be performed in Colorado, California, District of Columbia, Hawaii, Maryland, New York, Nevada, Rhode Island or Washington.

Please note that salary ranges provided for this role on external job boards are salary estimates made by outside parties and may not be accurate.

Thank you for considering employment with Fiserv.  Please:

• Apply using your legal name
• Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

What you should know about us:

Fiserv is a global leader in payments and financial technology with more than 40,000 associates proudly serving clients in more than 100 countries. As one of Fortune® magazine’s “World’s Most Admired Companies™” 9 of the last 10 years, one of Fast Company’s Most Innovative Companies, and a top scorer on Bloomberg’s Gender-Equality Index, we are committed to innovation and excellence. 

Our commitment to Diversity and Inclusion:

Fiserv is an Equal Opportunity Employer, and we welcome and encourage diversity in our workforce that reflects our world. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by law. 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Warning about fake job posts:

Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information.

Any communications from a Fiserv representative will come from a legitimate business email address. We will not hire through text message, social media, or email alone, and any interviews will be conducted in person or through a secure video call. We won’t ask you for sensitive information nor will we ask you to pay anything during the hiring process. We also won’t send you a check to cash on Fiserv’s behalf.

If you see suspicious activity or believe that you have been the victim of a job posting scam, you should report it to your local FBI field office or to the FBI’s Internet Crime Complaint Center.