Are you curious, motivated, and forward-thinking? At FIS you'll have the opportunity to work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate and above all fun.
The FIS Legal, Compliance, and Corporate Affairs team is responsible for ensuring that our products, our technology, our processes, vendors, and clients meet industry standards for security, compliance, and the protection of sensitive data. Our team works domestically and globally to assess and mitigate the risks that can exist across our organization. Celebrating 50 years of top performance in the FINTECH industry has provided us many opportunities for risk mitigation.
Support the end-to-end critical relationship management program, which includes managing business, security, compliance, and contractual risks associated with working with third parties.
Coordinate the distribution of due diligence questionnaires to the vendors, review submitted questionnaires for completeness, ensure appropriate stakeholders finalize reviews and determine overall risk remediation strategy for issue tracking.
Partner with the business stakeholders, third-party vendors and subject matter experts (security, compliance, legal, etc.) to ensure program and processes are successfully executed.
As required, support pre- and post-contract vendor due diligence efforts including security risk triage, administration of appropriate security assessments, and issue management/remediation and escalation.
Manage a consistently growing continuous monitoring portfolio of vendors to help achieve the objective of maintaining visibility into the risk landscape of the organization's most critical third parties.
Identify, prioritize and pursue opportunities to enhance the CRM processes.
Contribute to the development of detailed procedural documents and ensure alignment of CRM with applicable regulatory requirements globally.
A minimum of 1-2 years of relevant risk management work experience, with at least 1 year in security.
Exceptional interpersonal, team building, mentoring, and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives
Good understanding of security risk management, integration with enterprise risk management, and the integration with business strategy
Knowledge of and experience with GRC platforms such as ServiceNow and/or Archer would be very beneficial
Knowledge of security and compliance control frameworks of NIST, CIS, SOX, SOC, GDPR, ISO, COBIT
Experience performing business analysis, documenting requirements, and implementing solutions on industry-standard information governance
Assist in the development of actionable reporting and KPIs.
Support the design, implementation, maintenance, and enforcement of third-party security risk management policies, procedures, and controls
Oversee the execution of the critical relationship management program in client engagements
Provide oversight in the development and execution of third-party security risk assessment criteria
Lead new initiatives to continue to expand and improve the overarching CRM program and work with senior stakeholders to promote value and continued awareness
Represent CRM function without aid to stakeholders, senior management, and any other interested parties.
Experience leading stakeholders across separate functions to achieve a shared goal and providing regular status updates and progress metrics to management.
Hands on experience with regulatory or authoritative regulatory source control libraries for the development of information security policies
Effective verbal and written communication skills with the ability to take complex information and present to all levels of management, staff, clients and vendors.
The ability to translate technical language into business terms
Demonstrated experience in supporting corporate programs
Demonstrated experience building process and training documentation for information security policy stakeholders
Self-starter with attention to detail and ability to manage multiple projects, delivering timely, exceptional, and complete projects.
Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations, incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, technical support, or business continuity.
Ability to travel up to 30%
FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice.
Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.