6 Soc Audits Jobs

Responsibilities Calling all innovators - find your future at Fiserv. We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants, and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv. Job Title Specialist, Risk Assurance What does a successful Risk and Compliance Specialist do at Fiserv: Fiserv is seeking a skilled risk and compliance Specialist to join its Enterprise Risk and Controls team. This dynamic role spans multiple responsibilities, including Third Party Risk Assessments for vendors and support for PCI and SOC audits as part of the organization's Third-Party Audit initiatives. The position is ideal for professionals who are adaptable and eager to contribute across various risk programs within the department. The role primarily centers on contributing to the Third Party Risk Management (TPRM) function. It involves gaining a comprehensive understanding of security policies, standards, and related processes within the scope of the TPRM program. Leveraging strong assessment capabilities, you will ensure that vendor-related risks are effectively identified, evaluated, mitigated, and continuously monitored to uphold the highest standards of security and compliance. What you will do: Developing detailed understanding of security policies, standards, and associated processes as it pertains to third party risk management program. 5-8 years of experience in the domains such as risk and compliance, information security Driving collaboration between cross-functional stakeholders and facilitating strong partnership with Fiserv Business Units Capability of contributing to TRPM Risk transformation projects in alignment with organization strategy. Responsible for independently conducting third-party risk assessment in line with security standards, practices encompassing people, process and technology controls Proficient in reviewing documentation including but not limited to security policies, processes, SOPs, third party audit/assurance reports including SOC 2, PCI AOC/ROC/ROV/SAQ, ISAE, ISMS, penetration testing, vulnerability scanning reports to identify gaps/exceptions Responsible for monitoring, tracking risks through closure by collaborating with multiple constituents including internal and external stakeholders ensuring auditable results are maintained throughout the engagement. Ensure accurate and timely review responsible for well-written observations, and walking stakeholders through the process lifecycle as needed Lead and participate in regional and global TPRM governance forums and liaise with business stakeholders. Document and maintain the relevant documentation. Establish trust and credibility with key partners develop and foster constructive professional relationships with multiple stakeholders including but not limited to executive and line management, risk officers, risk contacts and third-party contacts Work on vendor events, liaison with business stakeholders and follow-up with vendors Mentor and train Junior team members on Vendor Risk Assessment program. What you will need to have: Bachelor's Or Master's degree from an accredited university is preferred, equivalent work experience will be considered. 5- 8 years of experience in IT Risk and Compliance Management or Information Security domain Good interpersonal, written/verbal communication, and organizational skills Ability to handle internal and external discussions/interactions issues in a professional, assertive, and proactive manner Ability to work effectively within a matrixed organization Strong organizational and time management skills with Global stakeholder management Strong MS office skills (Microsoft Excel, Word, PowerPoint, and SharePoint) Exposure to GRC ( Governance, Risk and Compliance tools) What would be great to have: Financial services experience, including working in highly regulated environments Knowledge of IT audit, ISO 27001, ITIL, Vendor Risk Management process Ability to interact across all levels of management Attention to detail with a commitment to high-quality standards A successful track record for delivering results in a timely manner Industry Certifications: CISA, CRISC, CTPRA, ISO 27001 LA/LI or equivalent etc.) Thank you for considering employment with Fiserv. Please: Apply using your legal name Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable). Our commitment to Diversity and Inclusion: Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law. Note to agencies: Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions. Warning about fake job posts: Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.

As someone working in the Insurance Industry, you will be responsible for various key tasks related to release management, change management, vulnerability management, and more. Your expertise in tools like JIRA, ServiceNow, and Fortify will be crucial for the successful implementation of production releases. Your responsibilities will include handling L1 and L2 tickets to meet SLA guidelines, creating projects in JIRA, and managing application access in an automated manner. In addition to your technical skills in Java, Linux, and HTML, you will play a vital role in coordinating with different stakeholders, both internally and externally, to ensure smooth operations. Your experience in working with multiple vendors and geographically distributed teams will be essential for effective collaboration and project success. You will also be involved in change control meetings and advisory board sessions to facilitate seamless transitions. Your role will require you to review post-implementation issues arising from releases, manage ServiceNow user access removal requests, and troubleshoot tool-related issues efficiently. You should be adept at running scan reports, addressing tool problems, and guiding teams in resolving them. Your ability to identify the severity of vulnerability issues and assist project teams in implementing fixes will be crucial for maintaining system security. Moreover, you will be expected to handle code moves, ASAM tickets, and SOC audits with diligence. Your knowledge of handling ISO and SOC audits, along with your experience in coordinating with project teams on scan template reviews, will be valuable assets in this role. Your proactive approach in managing relationships between different teams and ensuring effective communication will contribute to the overall success of the projects. Preferred Skills: - Technology: Application Security, Vulnerability Management - Process: Configuration Management, Release Management,

As a member of the KGS team, your primary role will involve conducting assessments of IT risks and controls, including general IT controls and automated controls within information systems to support external audit engagements. You will be responsible for performing IT audit procedures, such as IT risk assessments, General IT Controls, IT Application Controls, large System Implementations, and Data Conversions in alignment with financial statement audits and internal controls over financial reporting. Leading a team, you will evaluate and review the design and operational effectiveness of technology controls related to Clients Internal Controls Over Financial Reporting. You will also oversee SOC 1 and SOC 2 (System and Organization Controls) SSAE18 assessments following the AICPA attestation standards. Your role will involve identifying opportunities for efficient engagement delivery and internal process improvements, managing multiple assignments and teams across locations, and overseeing engagement economics and operational aspects. You will promote a culture of prioritizing quality in all client interactions and assignments. Contributing to the Knowledge Management agenda, you will lead team members in technical knowledge content development and trainings. Leading by example, you will inspire and nurture a high-performing team to achieve their full potential. Providing constructive feedback to team members will be essential in helping them exceed expectations in their roles. Mandatory technical skills for this role include experience in leading global teams conducting SOX and SOC audits, knowledge of PCAOB Auditing standards and AICPA requirements, and evaluating risks across various IT platforms. A strong understanding of frameworks like COBIT, COSO, and HITRUST, as well as knowledge of different industry sectors and business processes, is crucial. Preferred technical skills include staying updated on trends in Emerging Technologies like Cloud computing, Agile, Blockchain, and Automation, proficiency in MS Office applications, and experience in proposal development for clients. Key behavioral attributes required for this role include strong leadership skills, ability to manage multicultural teams, an inspirational and ethical work ethic, innovative and analytical mindset, critical thinking abilities, and excellent written and verbal communication skills. Qualifications for this role include an educational qualification of BE / B-Tech; Post-Graduates (MBA / MCA / MTech), certifications like CISA, CISSP preferred, and a minimum of 7-10 years of relevant experience with 1-2 years in a similar role, preferably with a Big 4 firm.,

Information Security Technical writer team seeks an experienced Senior Technical Writer to drive, create and update IT related documentation. This may include developing new policies and standard operating procedures (SOPs) to comply with industry standards and frameworks, contractual obligations, or local law, updating and maintaining existing procedures, liaising with appropriate personnel to ensure that compliance workflow management systems are configured in accordance with documented procedures, managing the policy lifecycle end to end. This position will work closely with subject matter experts such as software development teams, Enterprise IT, HR, and Legal team leads and stakeholders. What you'll do: Connect with subject matter experts and proactively manage your own learning to become familiar with our technology offerings, internal controls landscape, and internal compliance processes. Work with compliance and audit team members and other subject matter experts and functional leads to implement timely and effective edits until documentation is ready for publication on time. Suggest improvements to documentation and processes whenever possible, eventually demonstrating ownership of the technical writing function. Adhere to design template and company style guide while organizing and writing documentation. Assist with development and maintenance of applicable training and educational material (e.g., byte sized informational modules to educate end users on appropriate use of documented policies) Develop and propose documentation plans and outlines for new procedures, user/training guides and supporting materials; estimating project length and keeping everyone involved on time. Enhance and maintain existing documentation to deadline. Proactively manage the policy lifecycle (development, periodic review and approval, version control, publishing of approved policies and procedures to the company intranet). Work with appropriate personnel to make sure that ZSs compliance workflow management systems are always in sync (configured) with newly documented or updated policies. Perform additional duties as required from time to time. What you'll bring: BS/BA in English, Journalism, Communications, Technical Writing, Computer Science, or other relevant field of study required. 3.5 - 5 yearstechnical writing experience, preferably documenting IT policies and procedures. Experience with Visio or other process flow visualization tool, Snagit tool required. Superior writing, editing, and communication skills required. Excellent command over the English language (especially grammar and sentence composition skills) required. Strong experience using Microsoft Suite (Word, Excel, PowerPoint, OneNote, Outlook etc.). Experience with authoring tools (e.g., MadCap Flare or any other authoring tool) will be an added advantage. Familiarity/working knowledge of various compliance frameworks (e.g., ISO 27001, ISO 22301, ISO 27702, HITRUST, PCI DSS, SOC Audits) preferred. Experience learning about and communicating complex topics. Outstanding organizational/time management, planning and prioritization skills.

Job Responsibilities Primarily perform SOC audits, along with ITGCs support, HITRUST certifications, and ISO assessments. Learn the client's platform structure, security, and software. Learn the clients system and control environment and how it impacts their associated customer users. Exercise professional skepticism in the critical assessment of audit evidence. Possess knowledge of Windows and/or UNIX-based operating systems, SQL and other databases, cloud environments, application change management methodologies and security best practices. Thoroughly evaluate assigned areas of fieldwork and identify potential points for improvement. Develop an understanding of client businesses related to assigned engagements. Know and apply specialized knowledge, for example, the SOC Trust Services Criteria and SOC report framework, and the rules, regulations, and code of ethics of the AICPA. Requirements Degree in Accounting, Management Information Systems (MIS), Information Technology, or related field. Minimum of 1 year of Public Accounting experience, with some exposure to SOC, HITRUST or ISO engagements. Ability to identify internal control deficiencies and document management letter comments for purposes of communicating deficiencies and weaknesses to clients. Demonstrate knowledge or interest in information technology. Working knowledge of the Microsoft Office Suite and Adobe Acrobat Engagement. Achieved or working towards CPA or CISA certification. Masters degree in Accounting, Finance, or a related field.

Information Security Technical writer team seeks an experienced Senior Technical Writer to drive, create and update IT related documentation. This may include developing new policies and standard operating procedures (SOPs) to comply with industry standards and frameworks, contractual obligations, or local law, updating and maintaining existing procedures, liaising with appropriate personnel to ensure that compliance workflow management systems are configured in accordance with documented procedures, managing the policy lifecycle end to end. This position will work closely with subject matter experts such as software development teams, Enterprise IT, HR, and Legal team leads and stakeholders. What you'll do: Connect with subject matter experts and proactively manage your own learning to become familiar with our technology offerings, internal controls landscape, and internal compliance processes. Work with compliance and audit team members and other subject matter experts and functional leads to implement timely and effective edits until documentation is ready for publication on time. Suggest improvements to documentation and processes whenever possible, eventually demonstrating ownership of the technical writing function. Adhere to design template and company style guide while organizing and writing documentation. Assist with development and maintenance of applicable training and educational material (e.g., byte sized informational modules to educate end users on appropriate use of documented policies) Develop and propose documentation plans and outlines for new procedures, user/training guides and supporting materials; estimating project length and keeping everyone involved on time. Enhance and maintain existing documentation to deadline. Proactively manage the policy lifecycle (development, periodic review and approval, version control, publishing of approved policies and procedures to the company intranet). Work with appropriate personnel to make sure that ZSs compliance workflow management systems are always in sync (configured) with newly documented or updated policies. Perform additional duties as required from time to time. What you'll bring: BS/BA in English, Journalism, Communications, Technical Writing, Computer Science, or other relevant field of study required. 3.5 - 5 yearstechnical writing experience, preferably documenting IT policies and procedures. Experience with Visio or other process flow visualization tool, Snagit tool required. Superior writing, editing, and communication skills required. Excellent command over the English language (especially grammar and sentence composition skills) required. Strong experience using Microsoft Suite (Word, Excel, PowerPoint, OneNote, Outlook etc.). Experience with authoring tools (e.g., MadCap Flare or any other authoring tool) will be an added advantage. Familiarity/working knowledge of various compliance frameworks (e.g., ISO 27001, ISO 22301, ISO 27702, HITRUST, PCI DSS, SOC Audits) preferred. Experience learning about and communicating complex topics. Outstanding organizational/time management, planning and prioritization skills.