
How FIS Global Relies on Prescient Security for High‑Stakes, Client‑Mandated Security Testing

Written by Prescient Security | Mar 24, 2026 11:28:12 AM

Problem

FIS is a global financial technology provider serving some of the world’s largest banks. For clients like Citi, BMO, and Bank of America, security is not just a promise; it’s a contractual obligation.

Even after hiring 23 in‑house penetration testers, FIS still faced three critical needs:

  • Independent validation for client‑mandated external penetration tests

  • A trusted partner for urgent, ad‑hoc assessments when internal teams were at capacity

  • Executive‑ready reporting that could withstand scrutiny from highly regulated, risk‑averse financial institutions

Legacy contractual requirements added another layer of complexity. One Citi agreement required Prescient Security to perform retests end‑to‑end:

FIS Global requests retest → Citi submits retest → Prescient Security executes → FIS Global uploads report

FIS Global needed an external partner that could deliver technical depth, clear reporting, and smooth collaboration across both internal and client‑driven workflows.

Rather than a series of one‑off tests, FIS Global and Prescient Security built a programmatic partnership tailored to FIS Global’s mature security organization.

  • Alicia DeJesus, Program Manager at FIS Global, oversees all third‑party penetration testing.

  • The Prescient Security relationship, originally managed by Genevieve Schutz and later supported by multiple Prescient Security contacts (from Joe Dries to Jerrod Baker), has remained stable and high‑trust throughout transitions.

  • Over time, Prescient Security has effectively become a familiar extension of FIS Global’s internal team.

FIS Global and Prescient Security established a bi‑weekly touch base, a cadence unique among FIS Global vendors. These sessions are used to:

  • Plan and prioritize annual and client‑mandated tests

  • Clarify scope, timelines, and expectations before work starts

  • Surface and resolve issues early, before they impact client commitments

Most other vendors do not have a standing meeting, underscoring the depth of this partnership.

For annual tests with unchanged scope (same URL, same app version):

  • FIS Global sends an engagement profile.

  • Prescient Security drafts the SOW based on the previous year’s work.

If there are meaningful changes like new functionality, new URLs, or updated risk considerations, the teams hold a focused scoping call. This balance keeps engagements accurate and efficient without unnecessary admin overhead.

For legacy models like the Citi retest process, Prescient Security:

  • Operates within the required, multi‑step workflow

  • Executes retests quickly and thoroughly

  • Produces clear, aligned follow‑up reports to help FIS Global satisfy Citi’s expectations

Even operational details—such as occasional SOW number confusion—are handled openly in the standing cadence, allowing both teams to continually refine and improve the process.

 

Outcomes & Impact

As FIS Global’s internal penetration testing team has grown, Prescient Security’s role has evolved from general provider to strategic, high‑impact partner.

1. Go‑to partner for client‑mandated and high‑visibility testing

FIS Global turns to Prescient Security for:

  • Client‑mandated external tests for major financial institutions (Citi, BMO, Bank of America)

  • Urgent, ad‑hoc engagements when timelines are tight and internal teams are fully utilized

These are some of FIS Global’s most visible, scrutinized engagements—where reliability, speed, and clarity matter most.

2. Reporting that accelerates remediation and stakeholder buy‑in

FIS Global consistently highlights Prescient Security’s reporting quality as a differentiator:

  • Precise, clearly structured findings

  • Intuitive categorization that makes severity and impact obvious

  • Formats that work for both technical teams and non‑technical decision‑makers

The result:

  • Faster prioritization and remediation

  • Smoother communication of risk and status to banking clients

  • Fewer back‑and‑forth cycles compared to less structured reports

3. Deep operational alignment, not a transactional vendor

The bi‑weekly touch base has become a cornerstone of the relationship:

  • Complex pipelines of tests and retests stay organized and predictable

  • Blockers and ambiguities are resolved quickly

  • Both sides share clear visibility into near‑term and upcoming work

Even as overall outsourced volume has declined, this level of integration is why FIS Global continues to rely on Prescient Security for its most sensitive and time‑critical projects.

4. Transparent approach to bottlenecks and process improvement

Legacy elements like the Citi retest model or SOW number reuse aren’t ignored; they’re treated as joint optimization opportunities. Prescient Security’s transparent, collaborative approach has helped FIS Global:

  • Manage complexity today

  • Explore options like bringing some retests in‑house

  • Continuously refine workflows and administrative practices

Lessons Learned

  • Quality and collaboration matter more than volume. As FIS Global expanded its internal testing team, only vendors delivering exceptional technical depth, reporting clarity, and communication maintained a strategic role. Prescient Security did—and its work became even more focused and high‑impact.

  • A real cadence turns a vendor into a partner. The bi‑weekly sync is more than a meeting; it’s the mechanism that keeps both sides aligned on priorities, timelines, and improvements.

  • Legacy processes should be co‑owned, not blamed. Complex client‑driven workflows are inevitable in financial services. Handling them collaboratively—while continuously looking for ways to streamline—keeps relationships strong and outcomes predictable.

  • Small administrative details have big consequences. Clear SOW conventions, status visibility, and shared context reduce friction and keep attention on what matters most: meaningful security outcomes for FIS Global and its banking clients.

 

Client Quotes:

“The bi‑weekly touch base with Prescient Security is unique among our vendors and critical for keeping a high volume of tests and retests on track.”

“Their report format is highly valued, especially the clear breakdown of findings like M1 and M2. It makes it much easier to communicate risk and remediation status internally and to our banking clients.”

“We primarily use Prescient Security for client‑mandated testing and urgent ad‑hoc needs; they’re a trusted partner when the stakes are highest.”

