Information Security Audit and Compliance Manager

What does a successful Information Security Audit and Compliance Manager do at Fiserv

At Fiserv the Information Security Audit and Compliance Manager leads end-to-end audits across information technology cybersecurity Development Security and Operations (DevSecOps) and integrated activities using Agile audit methods to evaluate control design and operating effectiveness. They partner with technology application and security teams to strengthen governance data protection and privacy across critical systems. Their work drives measurable improvements in control effectiveness and regulatory compliance.

What you will do:

• Lead and execute risk-based audits across IT governance service delivery project delivery system development lifecycle networks infrastructure and applications to assess control design and operating effectiveness.

• Plan engagements: develop scope documents perform process walkthroughs build risk and control matrices and align controls to Federal Financial Institutions Examination Council (FFIEC) National Institute of Standards and Technology (NIST) Special Publication 80053 Center for Internet Security (CIS) Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG) Federal Risk and Authorization Management Program (FedRAMP) and Cybersecurity Maturity Model Certification (CMMC) frameworks.

• Apply Agile audit practices to prioritize the audit backlog iterate testing and deliver incremental reporting that accelerates remediation.

• Execute testing in Microsoft Azure and Azure Government (GovCloud) environments; obtain and evaluate audit evidence; document findings root cause and risk; and validate proofs of closure.

• Coordinate with technology security and business stakeholders to validate issues recommend actionable remediation and support follow-up testing.

• Review and update information security audit procedure documents; annually evaluate baseline security controls and update documents and test plans accordingly.

• Assess controls across Identity Credential and Access Management (ICAM); authentication and authorization including single sign-on (SSO) and identity federation; Zero Trust; defenseindepth; data protection; operating system hardening; network security; Continuous Diagnostics and Mitigation (CDM); alerting; audit trails; and incident response.

What you will need to have:

• 5 years of experience auditing information technology or security processes and operations across IT governance service delivery system development lifecycle networks infrastructure and applications.

• 5 years of cybersecurity audit experience with Microsoft Azure and Azure Government (GovCloud) including evidence collection control testing and reporting.

• Experience mapping and testing controls against FFIEC NIST 80053 CIS benchmarks DISA STIGs FedRAMP requirements and CMMC practices.

• Experience collaborating directly with external clients business leadership and independent auditors to drive remediation and measurable improvements in control effectiveness and regulatory compliance.

• Ability to develop scope documents perform process walkthroughs build risk and control matrices and write clear defensible audit findings with risk statements and recommendations.

• Hands-on knowledge of ICAM; authentication and authorization including SSO and identity federation; Zero Trust; defense-in-depth; data protection; operating system hardening; network security; CDM; alerting; audit trail design; and incident response.

• Bachelors degree and/or equivalent combination of education related experience and/or military experience.

What will be great to have:

• Professional certifications such as Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) or CompTIA Security or equivalent credentials.

• Experience performing audits in public sector environments (e.g. FedRAMP High DISA STIG hardening) or supporting CMMC readiness assessments.

• Experience using data analytics and scripting (e.g. SQL Python or similar object-oriented language) to automate control testing and evidence analysis.

How youll work:

• This role is on-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experiences help you with your overall onboarding experience and leads to stronger productivity.

Sponsorship:

You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including but not limited to F-1 (OPT CPT STEM) H-1B H-2 or TN or any candidate requiring sponsorship now or in the future will not be considered for this role.

Benefits at Fiserv:

• Fuel Your Life program to support your physical financial social and emotional well-being.

• Paid holidays and generous time away policies.

• No-cost mental health support through Employee Assistance Programs.

• Living Proof program to recognize your peers extra effort with points redeemable for .rewards.

• Eight Employee Resource Groups to foster a collaborative culture and expand your network.

• Unparalleled professional growth with training development and internal mobility opportunities.

• Medical dental vision life and disability insurance options available from day one.

• Retirement planning and discounted shares with the Employee Stock Purchase Plan.

• Tuition assistance and reimbursement program.

• Paid parental caregiver and military leave.