Information Security Audit and Compliance Manager

Calling all innovators - find your future at Fiserv. We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv. Job Title Information Security Audit and Compliance Manager What does a successful Information Security Audit and Compliance Manager do at Fiserv? At Fiserv, the Information Security Audit and Compliance Manager leads end-to-end audits across information technology, cybersecurity, Development, Security, and Operations (DevSecOps), and integrated activities using Agile audit methods to evaluate control design and operating effectiveness. They partner with technology, application, and security teams to strengthen governance, data protection, and privacy across critical systems. Their work drives measurable improvements in control effectiveness and regulatory compliance. What you will do: Lead and execute risk-based audits across IT governance, service delivery, project delivery, system development lifecycle, networks, infrastructure, and applications to assess control design and operating effectiveness. Plan engagements: develop scope documents, perform process walkthroughs, build risk and control matrices, and align controls to Federal Financial Institutions Examination Council (FFIEC), National Institute of Standards and Technology (NIST) Special Publication 800‑53, Center for Internet Security (CIS), Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG), Federal Risk and Authorization Management Program (FedRAMP), and Cybersecurity Maturity Model Certification (CMMC) frameworks. Apply Agile audit practices to prioritize the audit backlog, iterate testing, and deliver incremental reporting that accelerates remediation. Execute testing in Microsoft Azure and Azure Government (GovCloud) environments; obtain and evaluate audit evidence; document findings, root cause, and risk; and validate proofs of closure. Coordinate with technology, security, and business stakeholders to validate issues, recommend actionable remediation, and support follow-up testing. Review and update information security audit procedure documents; annually evaluate baseline security controls and update documents and test plans accordingly. Assess controls across Identity, Credential, and Access Management (ICAM); authentication and authorization including single sign-on (SSO) and identity federation; Zero Trust; defense‑in‑depth; data protection; operating system hardening; network security; Continuous Diagnostics and Mitigation (CDM); alerting; audit trails; and incident response. What you will need to have: 5+ years of experience auditing information technology or security processes and operations across IT governance, service delivery, system development lifecycle, networks, infrastructure, and applications. 5+ years of cybersecurity audit experience with Microsoft Azure and Azure Government (GovCloud), including evidence collection, control testing, and reporting. Experience mapping and testing controls against FFIEC, NIST 800‑53, CIS benchmarks, DISA STIGs, FedRAMP requirements, and CMMC practices. Experience collaborating directly with external clients, business leadership, and independent auditors to drive remediation and measurable improvements in control effectiveness and regulatory compliance. Ability to develop scope documents, perform process walkthroughs, build risk and control matrices, and write clear, defensible audit findings with risk statements and recommendations. Hands-on knowledge of ICAM; authentication and authorization including SSO and identity federation; Zero Trust; defense-in-depth; data protection; operating system hardening; network security; CDM; alerting; audit trail design; and incident response. Bachelor’s degree and/or equivalent combination of education, related experience and/or military experience. What will be great to have: Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or CompTIA Security+, or equivalent credentials. Experience performing audits in public sector environments (e.g., FedRAMP High, DISA STIG hardening) or supporting CMMC readiness assessments. Experience using data analytics and scripting (e.g., SQL, Python or similar object-oriented language) to automate control testing and evidence analysis. How you'll work: This role is on-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experiences help you with your overall onboarding experience and leads to stronger productivity. Sponso Apply tot his job Apply To this Job