Principal Technology Risk Analyst
Fidelity Investments
Durham
1d ago

Job Description:

Do you want to join a team focused on developing Next-Gen capabilities in Technology Risk? The Technology Risk team for Enterprise Cybersecurity (ECS) within the Enterprise Technology Risk & Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to join the team.

You will help enhance and manage the core program activities, including defining and executing the technology risk strategy and program and working with Technology, Operations and Risk teams to holistically manage risk.

You will work closely with the various ETRA Centers of Excellence (COEs), including performing proactive risk and control assessments, monitoring technology controls, supporting external and internal audits, and documenting and overseeing remediation plans.

You will also provide appropriate risk and controls consulting on ECS Emerging Technologies activities. This will include performing IT General Control reviews and engaging with ECS Technology teams and External Audit teams.

The individual in this role will be based in Merrimack, North Carolina, or Smithfield and report to the Director, Technology Risk Management within the ETRA team.

The individual will work closely with multiple ETRA COEs, Enterprise Cybersecurity, Enterprise Business Resiliency (EBR), Corporate Audit, Compliance, Information Security Officers (ISOs), and Fidelity external auditors and regulators.

The Expertise We’re Looking For

  • 5-9 years’ experience in Information Technology Risk, Cybersecurity, Controls, BCP/DR, Audit and/or Compliance roles
  • Bachelor’s Degree in Computer Science, Technology, or a related field of study preferred
  • Demonstrated technical abilities in multiple areas (e.g., cybersecurity, access management, resiliency, DLP, technology infrastructure and application controls, network and cloud, etc.)
  • Experience performing Technology risk assessments, Control assessments or IT Audits
  • Ability to represent complex programs to external auditors and regulators
  • Experience or knowledge of cloud-based deployments, DevOps, and associated risk/controls and auditing requirements preferred
  • Professional technology risk certifications or interest in pursuing (CISSP, CISA, CRISC, CISM) preferred

The Skills You Bring

  • You have a strong knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.
  • Your love of solving complex problems, your comfort with ambiguous situations, and your ability to help devise innovative ways to mitigate risk using your advanced analytical and critical thinking skills
  • Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls
  • Your ability to manage multiple projects concurrently and to work under pressure to meet tight time commitments
  • Experience performing Risk Assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations (mainframe, distributed, network and cloud environments)
  • Knowledge of Industry standards, frameworks, and best practices, such as NIST, SOC1, SOC2, ISO27001, ISO27701, ISO22301
  • Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or OpenPages, is preferred
  • Understanding of application development, deployment, and management patterns, especially DevOps and CI/CD practices, is preferred
  • Knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS) is preferred
  • Your excellent verbal and written communication skills enabling you to prepare and present recommendations to business partners and senior management
  • Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel

The Value You Deliver

  • Assessing the various Cybersecurity and information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation
  • Conducting in-depth information technology risk assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
  • Conducting readiness reviews and IT General Control reviews for large information technology development projects ensuring appropriate systems development lifecycle methodologies are being applied and necessary controls are in place
  • Understanding and consulting on information security standards and industry best practices
  • Enabling our business partners to meet their external audit and regulatory requirements
  • Liaising with internal and external audit teams, tracking internal and external audit findings, and performing issue follow-up, consulting, action planning with owners, and issue resolution
  • Reviewing risk around resiliency including those for third party vendors to ensure appropriate plans and controls are in place
  • Providing risk perspective on new and updated Cybersecurity policies
  • Providing risk perspective for technology incidents, tracking risk findings related to incidents, and serving as a liaison for technology risk management
  • Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed
  • Assisting with conducting Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment

Certifications:
