
8 Cyber Risk Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

15.0 - 17.0 years

20 - 35 Lacs

Pune

Work from Office

Hi, We at Fiserv are actively hiring for Cyber Risk Management professionals with expertise in Cybersecurity Program Management, Governance, Risk & Compliance. Below is the job description:

What does a successful Cyber Risk Management Advisor do at Fiserv: Identifying information security and emerging technological requirements and effective risk mitigation actions. Manage key accounts/customers from a Cybersecurity service perspective. Successfully leading and supporting the delivery of Cybersecurity projects and services for our customers by working directly with key business stakeholders and technology SMEs.

What will you do: Provide Cybersecurity support for network security products and services (new deployments, hardware refresh/upgrades, migrations, and feature implementation). Support the implementation of security concerns with new and emerging technologies with particular focus on SaaS, PaaS and IaaS, specifically the major Cloud providers. Support and guide other teams in the organization on Cybersecurity best practices, security vulnerabilities and implementation/enforcement of the compensating controls. Assist with creating security designs and configure security controls within the Cybersecurity portfolio. Support activities to ensure that risk and controls are in compliance with regulatory requirements and remain in line with company risk appetite. Use metrics to track security risks and awareness. Ensure compliance and governance for data security. Possess expert knowledge in Cybersecurity in the financial services industry to provide guidance on business operations, policies and practices. Involved in or respond to information security incidents as needed.

What will you need to know: 15 or more years of cybersecurity and technology risk experience in a large MNC. Minimum of 10 years of experience in Cybersecurity Program Management & Governance, including technical background (networks, servers, encryption, application security, infosec tools, etc.). Possesses progressive experience in leading multiple projects in a complex international financial services organization, preferably Financial Technology. Excellent written and verbal communication skills with the ability to negotiate and influence multiple stakeholders, driving positive changes through awareness, understanding, acceptance and commitment to relevant information security topics. Excellent customer management skills with min 8 years of experience with managing large enterprise customers, preferably from the financial services industry. Relevant professional certification, such as CISSP, CEH, CRISC, CGEIT.

What would be great to have: A minimum of 10 years of hands-on experience with multiple security disciplines preferred. Preferred industry certifications are CISM, CISSP.

We welcome and encourage diversity in our workforce. Fiserv is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran. Explore the possibilities of a career with Fiserv and Find your Forward with us!

Posted 3 weeks ago


10.0 - 20.0 years

30 - 45 Lacs

Bengaluru

Work from Office

Assess, prioritize, and manage cybersecurity risks; ensure regulatory compliance and support security governance across IT/OT systems.

Required Candidate profile: Professionals with experience in cyber risk, controls, regulatory standards (NIST, ISO), and risk quantification across OT/IT environments.

Posted 4 weeks ago


9.0 - 14.0 years

10 - 13 Lacs

Gurugram, Delhi / NCR

Work from Office

Responsible for ISO 27001 based ISMS implementation & Sustenance. Responsible for advising Business continuity planning, IT Disaster recovery planning.

Posted 1 month ago


10.0 - 18.0 years

30 - 45 Lacs

Bengaluru

Work from Office

Lead governance, risk, and compliance initiatives across cyber domains. Develop risk frameworks, align with global regulations, and interface with leadership and auditors.

Required Candidate profile: Strategic cyber risk leader with experience in GRC, regulatory compliance, and cyber risk frameworks. Ability to drive governance programs and manage stakeholder communication.

Posted 1 month ago


7.0 - 12.0 years

15 - 20 Lacs

Mumbai

Work from Office

Vice President (VP1) - Head of Common ICT LOD2 Controls Execution Platform - CICEP

Position Purpose

RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology Transversal Risks and RISK ORM Network. Under the authority of the Poles Managers, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Group's operational entities (Poles, Business Lines, Functions, Transversal Activities). In this context, the Common ICT LOD2 Controls Execution Platform (CICEP) reports hierarchically to the Group Head of ICT Controls Testing. The Head of CICEP, India CoE, ensures the homogeneity, the robustness and effectiveness of the ICT controls executed by the LoD1 by implementing LoD2 controls execution platform across Poles and Functions. The position is based in India Solutions Pvt. Ltd. (ISPL), Mumbai and reports to Head of RISK ORM Network, India CoE, plus functionally to Group Head of ICT Controls Testing.

Responsibilities

Lead the delivery of the COE CICEP India team (including his/her missions) dedicated to:
o Performing the LOD2 check and challenge on the execution of ICT controls (verification, re-performance, direct controls testing) requiring technical and business expertise.
o Determining the design effectiveness and operating effectiveness of IT and Cyber controls.
o Review and assist the team with the evaluation of control deficiencies and provide practical recommendations for remediation.
o Drafting high-quality reports containing the risk assessor's opinion on the ICT control gaps, and recommendations for improvement, post completion of an assignment.
o Ensuring completion of the testing LOD2 reviews and adherence to the validated internal timelines.

Contribute to the maturity of the services provided by the CICEP platform by:
o Enhancing the CICEP methodology and tools required to perform the ICT control reviews.
o Identifying the areas of improvement (lessons learned) for ICT control reviews and proactively working with the relevant stakeholders to implement these enhancements.
o Proactively supporting the standardisation of practices (workpapers, reports, templates etc.) across the CICEP platform (India and Portugal).

Proactively contributes to the usage and enhancement of Group methodologies and tools for LOD2 control testing reviews. Upon request of business or the Operational Risk Officer(s), provides advice on ICT controls related to IT and cyber risk management. Actively participates in the monitoring of the LOD2 ICT control results, and their reporting to senior management. Works in collaboration with other stakeholders from business and RISK ORM teams to contribute towards influencing the ICT risk culture of The Bank. Improves the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Deliver quarterly CICEP KPI report in a timely and accurate manner, working in conjunction with the functional and the CoE managers. Manage the growth, productivity and efficiency of the CICEP platform and ensure a good continuity of its services. Provide, at least once a year for the European Supervisor, a regular and complete analysis of the ICT LoD2 control highlighting key messages for the General Management.

Contributing Responsibilities

Collaborates at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements. Effectively contributes to the CoE, RISK India Hub and ISPL on Group mandates, objectives and priorities. Lead by example, demonstrating effective Leadership in the CICEP team leading to CoE as a positive place to work in conjunction with the Head of India CoE. Participates in the recruitment for the CoE.

Technical & Behavioral Competencies

SKILLS, EXPERIENCE AND COMPETENCIES

Skills Required: 7+ years of experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution. Ability to manage the team and its workload independently to meet their targets, and priorities set in conjunction with management. Must be able to interface and coordinate work efficiently and effectively with business partners. Excellent analytical skills, being able to come to a thoughtful and business focused conclusion quickly. Good communication, listening and influencing skills, including ability to articulate complex issues and incorporate feedback. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. Being rigorous and thorough especially when logging and tracking issues through to conclusion. Demonstrating a high level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Team player: focus on the success of the whole team. Working well both with others, as well as individually. Ability to work under strict timelines and in pressure situations to manage the delivery. Open to work under global time zones as required for workshops or stakeholder discussions.

Skills Preferred: Team management capabilities. Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements. Is self-aware, anticipates problems, adapts and meets them head on. Strong stakeholder management, relationship building, influencing, facilitating and presenting skills. Is solutions focused; measures their output on whether issues, problems or challenges are resolved as a criterion for success.

Competencies: University degree (technical), and/or certification such as ISO27001, CISA. Professional qualifications/trainings relevant to technology and/or cyber risk (e.g. change management, outsourcing, vulnerability management, cloud security, etc.).

Conduct: Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure.

Specific Qualifications (if required): Bachelor's degree, and certification in Information Systems

Skills Referential

Behavioural Skills: (Please select up to 4 skills)
- Attention to detail / rigor
- Ability to deliver / Results driven
- Ability to deliver / Results driven
- Ability to collaborate / Teamwork

Transversal Skills: (Please select up to 5 skills)
- Ability to develop others & improve their skills
- Ability to inspire others & generate people's commitment
- Ability to set up relevant performance indicators
- Analytical Ability
- Ability to develop and leverage networks

Education Level: Bachelor Degree or equivalent

Experience Level: At least 12 years

Other/Specific Qualifications (if required): Professional qualifications/trainings relevant to Information Security, Risk Management is a strong plus (ISO 27001, ISO 31000, CISSP, CRISC, CISM, CISA, CCSP) preferred.

Posted 1 month ago


5.0 - 7.0 years

8 - 10 Lacs

Bengaluru

Work from Office

Position Purpose

The role of the Third-Party Technology Risk Management Analyst / Consultant is to implement the set of operational activities to be carried out within BNP Paribas (Group entities) to manage ICT Cyber risks for the beneficiaries of sourcing (Outsourcing, purchasing shoring) initiatives supported by ICT service providers and third parties involved in ICT projects or business projects with ICT components. She/he can operate within TPTRM scope governance, providers, beneficiaries SMEs spread throughout global region. As part of this role, she/he will have to work closely with German stakeholders. Especially, she/he will help clients assess the risks associated with their arrangement and provide recommendations for managing those risks.

Responsibilities

Direct Responsibilities
- Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks
- Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems
- Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary
- Review thoroughly asset classifications and pre-existing asset related risks control responses ensuring sync with TPTRM assessments responses
- Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers' feedback
- Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process
- List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks
- Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.)
- Ensure periodic review of ICT arrangements and contracted ICT services
- Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption.

Contributing Responsibilities
- Instruct the 5 European Bank Authority ICT risks categories and follow them throughout TPTRM assessments
- Participate in Initialization Committee/ Validation Committee Go-Live committee for Supporting specific arrangements and results
- Provide support to beneficiary / contract owner to implement residual actions
- Facilitate the business/sponsor/beneficiary/SME decision-making with deep analysis based on relevant flagged risk families
- Provide support to contract owners and coordinate/assist to ensure proper assessments are done
- Manage TPTRM inventory with follow-up tracker management
- Contribute to process improvement, upkeep with new policies, regulations, standards guidelines

Technical & Behavioral Competencies

Functional Skills
- Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high level of commitment and self-motivation.
- Experience in the Finance IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS
- Demonstrate knowledge of Risk Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments
- Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries.
- Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate.
- Good IT knowledge

Technical:
- Good understanding of organizations and IT Businesses
- Good technical understanding of infrastructures and IT Security Productions and Systems
- IT risk / Third Party risk analysis and management methods and should have worked on Risk Management Tools like ServiceNow etc.
- Knowledge of Cyber Resilience, IT continuity and business continuity
- GRC - Governance, Risk Management and Compliance Management.
- Firewall and Internet technologies; Cloud Security, Banking Tools Technologies.
- Secure access control mechanisms; Encryption and Key management techniques

Behavioral:
- Strong Communication, Analytical and problem-solving skills.
- Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills
- Good documentation and reporting skills
- Ability to work independently
- Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users
- Good communication, technical writing/diagramming skills
- Attention to detail and accuracy

Specific Qualifications (if required)
- One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+.
- IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc.
- IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001)
- Regulatory Compliance

MBA in Finance/Systems/IT, Masters in Technology, Bachelor of Commerce, Masters in Commerce, Bachelor in Science, Bachelor in Technology

Skills Referential

Behavioural Skills: (Please select up to 4 skills)
- Communication skills - oral & written
- Attention to detail / rigor
- Ability to deliver / Results driven
- Creativity & Innovation / Problem solving

Transversal Skills: (Please select up to 5 skills)
- Analytical Ability
- Ability to manage a project
- Ability to understand, explain and support change
- Ability to develop and adapt a process
- Ability to anticipate business / strategic evolution

Other/Specific Qualifications (if required): CISA/CISSP/CISM/CRISC

Posted 1 month ago


3.0 - 8.0 years

5 - 10 Lacs

Hyderabad

Work from Office

Grade Level (for internal use): 09

S&P Global Corporate

About the Role: Cyber Risk Analyst - This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors. Primary responsibilities will include assessing Cybersecurity, Business Continuity controls for S&P third parties by conducting control risk assessments, risk recertifications, and continuously monitoring the vendors engaged by S&P.

The Team: As part of Vendor Risk Management, the Vendor Cyber Risk Management team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that a large number of data breaches happen due to third parties. It involves working with internal stakeholders as well as third parties to achieve the result.

Responsibilities and Impact: Working in Vendor Risk Management offers the opportunity to continuously enhance processes to meet the evolving requirements of various regulators. This challenging environment provides ample opportunities to expand your knowledge and expertise. In addition to risk assessments, recertification, and continuous monitoring, you will participate in various projects, allowing you to showcase and further develop your skills and experience. Conduct thorough Cybersecurity, Business Continuity, Artificial Intelligence, Cloud Service Provider and Privacy assessments for Vendors, evaluating their information security policies, procedures, and controls. Effectively collaborate with internal teams to identify critical vendors and assess their potential impact on the organization's cyber risk profile. Communicate risk assessment findings and recommendations to key stakeholders, including senior management, legal, and compliance teams. Work closely with vendors to address identified security gaps and ensure they meet the organization's cybersecurity requirements. Review the vendors on the continuous monitoring program and assist in driving the periodic review of the vendors. Monitor and stay abreast of evolving cybersecurity threats and industry trends to enhance the effectiveness of the risk assessment process. Lead and support enhancement projects within Vendor Risk Management to meet various business and regulatory requirements. Assist the team members in balancing the load and managing ad-hoc projects.

What We're Looking For:

Basic Required Qualifications: Bachelor's degree in computer science or engineering or equivalent. Minimum 3 years of experience in Information Security or Technology Risk Management. Any prior exposure to vendor risk management and/or privacy laws and regulations is a plus. Demonstrable understanding of the concepts of technology controls and information security controls. Exposure to cloud technologies and cloud security is highly desired; familiarity with public cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred. Excellent communication skills - a must. The resource should have the ability to communicate with cross-functional teams and vendors; both written and oral communication is critical.

Additional Preferred Qualifications: This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours. Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail. Ability to build strategic partnerships with internal stakeholders. Must be a critical thinker with strong qualitative skills. Information Security/Risk Management certification would be an advantage.

What's In It For You?

Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress.

Our People: We're more than 35,000 strong worldwide, so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.

Our Values: Integrity, Discovery, Partnership. At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global. Our benefits include:
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference.

Posted 2 months ago


5.0 - 9.0 years

30 - 35 Lacs

Bengaluru

Work from Office

Required Skills: Cyber Risk Risk Mitigation Strategies for Security Controls SAST and DAST Tools

Profile:
- 5+ years of experience in application/API security, risk management, or related fields
- Strong understanding of application security architecture, compliance frameworks, and risk management principles
- Experience with application security assessments, risk assessments, and security controls implementation
- Excellent analytical, problem-solving, and communication skills
- Familiarity with cloud security framework, tools, and technologies (e.g., OWASP, CSPM, CWPP, CIEM, DAST/SAST)
- Certifications in cloud security, risk management, or related fields (e.g., CCSK, CRISC, CISSP)

Job Summary: We are seeking a seasoned Cyber Risk Consultant to assess and mitigate risks associated with our private cloud control plane (API Services). The successful candidate will perform risk assessments, identify vulnerabilities, and develop strategies to optimize security and compliance in the control plane.

Responsibilities:
- Conduct risk assessments and security evaluations of private cloud control plane services (API Services)
- Identify and prioritize vulnerabilities, threats, and potential attack vectors
- Develop and implement risk mitigation strategies and security controls
- Evaluate security configurations, policies, and procedures
- Assess compliance with industry standards and regulatory requirements (e.g., NIST, SOC 2, PCI-DSS, OWASP)
- Develop and maintain risk management frameworks, playbooks, and reporting dashboards
- Stay current with emerging application/API security threats and technologies
- Communicate risk and security recommendations to stakeholders

Posted 2 months ago

