IT Security Analyst Senior

Job Description

Position Type : Full time Type Of Hire : Experienced (relevant combo of work and education) Education Desired : Bachelor of Computer Science Travel Percentage : 25 - 50% Are you curious, motivated, and forward-thinking At FIS youll have the opportunityto work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate and above all fun. About the team:The FIS Risk, Information Security, and Compliance (RISC) team is responsible for ensuring that our products, our technology, our processes, vendors, and clients meet industry standards for security, compliance, and the protection of sensitive data. Our teamworks domestically and globally to assess and mitigate the risks that can exist across our organization. Celebrating 50 years of top performance in the FINTECH industry has provided us many opportunities for risk mitigation because after all - " Success alwaysrequires a certain amount of RISC. " What you will be doing: Support the end-to-end critical relationship management program which includes managing business, security, compliance, and contractual risks associated with working with third-parties. Coordinatethe distribution of due diligence questionnaires to the vendors, review submitted questionnaires for completeness, ensure appropriate stakeholders finalize reviews and determine overall risk remediation strategy for issue tracking. Partner with the businessstakeholders, third-party vendors and subject matter experts (security, compliance, legal, etc.) to ensure program and processes are successfully executed. As required, support pre- and post-contract vendor due diligence efforts including security risk triage,administration of appropriate security assessments, and issue management/remediation and escalation. Manage a consistently growing continuous monitoring portfolio of vendors to help achieve the objective of maintaining visibility into the risk landscape ofthe organizations most critical third parties. Identify, prioritize and pursue opportunities to enhance the CRM processes. Contribute to the development of detailed procedural documents and ensure alignment of CRM with applicable regulatory requirements globally.What you bring: A minimum of 1-2 years of work relevant risk management experience with at least 1 year in security. Exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence and respect ofsenior level executives Good understanding of security risk management, integration with enterprise risk management, and the integration with business strategy Knowledge of and experience with GRC platforms such as ServiceNow and/or Archer would be very beneficialknowledge of security and compliance control frameworks of NIST, CIS, SOX, SOC, GDPR, ISO, COBIT Experience performing business analysis, documenting requirements, and implementing solutions on industry-standard information governance Assist in the developmentof actionable reporting and KPIs. Support the design, implementation, maintenance, and enforcement of third-party security risk management policies, procedures, and controls Oversee the execution of critical relationship management program in client engagementsProvide oversight in the development and execution of third-party security risk assessment criteria Lead new initiatives to continue to expand and improve the overarching CRM program and work with senior stakeholders to promote value and continued awarenessRepresent CRM function without aid to stakeholders, senior management, and any other interested parties. Experience leading stakeholders across separate functions to achieve a shared goal and providing regular status updates and progress metrics to management.Hands on experience with regulatory or authoritative regulatory source control libraries for the development of information security policies Effective verbal and written communication skills with the ability to take complex information and present to alllevels of management, staff, clients and vendors. The ability to translate technical language into business terms Demonstrated experience in supporting corporate programs Demonstrated experience building process and training documentation for information securitypolicy stakeholders Self-starter with attention to detail and ability to manage multiple projects, delivering timely, exceptional, and complete projects. Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations,incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, technical support, or business continuity. Ability to travel up to 30% Other Beneficial Experience:Current industry certifications (CISA, CISM, CISSP, CRISC, SSCP) Software development and programming experience Prior onsite assessment and audit experience What we offer you: A modern, international work environment and a dedicated and motivated team. Acompetitive salary and benefits. The chance to work on some of the most challenging, relevant issues in financial services & technology. Great work spaces with dedicated and motivated colleagues. A work environment built on collaboration, flexibility, andrespect. #LI-RB1 Privacy Statement FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, pleasesee the Online Privacy Notice . Sourcing Model Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on thepreferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company. #pridepass