Job Description:
Do you want to join a team focused on developing Next-Gen capabilities in Technology Risk? The Technology Risk team for Enterprise Cybersecurity (ECS) within Enterprise Technology Risk & Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to join the team.
You will help enhance and manage the core program activities. This includes defining and executing the technology risk strategy and program, and working with Technology, Operations and Risk teams to holistically manage risk.
You will work closely with the various ETRA Centers of Excellence (COEs) including performing proactive risk and control assessments, monitoring technology controls, supporting external and internal audits, documenting, and overseeing remediation plans.
You will also provide appropriate risk and controls consulting on ECS Emerging Technologies activities. This will include performing IT General Control reviews and engaging with ECS Technology teams and External Audit teams.
The individual in this role will be based in Merrimack, North Carolina, or Smithfield and report to the Director, Technology Risk Management within the ETRA team.
The individual will work closely with multiple ETRA COEs, Enterprise Cybersecurity, Enterprise Business Resiliency (EBR), Corporate Audit, Compliance, Information Security Officers (ISOs), and Fidelity external auditors and regulators.
The Expertise We’re Looking For
5-9 years’ experience in Information Technology Risk, Cybersecurity, Controls, BCP / DR, Audit and / or Compliance roles
Bachelor’s Degree in Computer Science, Technology, or a related field of study preferred
Demonstrated technical abilities in multiple areas (e.g., cybersecurity, access management, resiliency, DLP, technology infrastructure and application controls, network and cloud, etc.)
Experience performing Technology risk assessments, Control assessments or IT Audits
Ability to represent complex programs to external auditors and regulators
Experience or knowledge of cloud-based deployments, DevOps, and associated risk / controls and auditing requirements preferred
Professional technology risk certifications, or interest in pursuing them (CISSP, CISA, CRISC, CISM), preferred
The Skills You Bring
You have a strong knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.
Your love of solving complex problems, your comfort with ambiguous situations, and your ability to help develop innovative ways to mitigate risk using your advanced analytical and critical thinking skills
Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls
Your ability to manage multiple projects concurrently and to work under pressure to meet tight time commitments
Experience performing Risk Assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations (mainframe, distributed, network and cloud environments)
Knowledge of Industry standards, frameworks, and best practices, such as NIST, SOC1, SOC2, ISO27001, ISO27701, ISO22301
Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or OpenPages, is preferred
Understanding of application development, deployment, and management patterns, especially DevOps and CI / CD practices is preferred
Knowledge of Cloud security and controls and cloud technology environments (AWS / Azure, SaaS) is preferred
Your excellent verbal and written communication skills enabling you to prepare and present recommendations to business partners and senior management
Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel
The Value You Deliver
Assessing the various Cybersecurity and information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation
Conducting in-depth information technology risk assessments, including documenting controls, identifying potential gaps and / or inconsistencies, and making sound recommendations for improvement and / or mitigation
Conducting readiness reviews and IT General Control reviews for large information technology development projects ensuring appropriate systems development lifecycle methodologies are being applied and necessary controls are in place
Understanding and consulting on information security standards and industry best practices
Enabling our business partners to meet their external audit and regulatory requirements
Liaising with internal and external audit teams, tracking internal and external audit findings, performing issue follow-up, consulting on action plans with owners, and driving issue resolution
Reviewing risk around resiliency including those for third party vendors to ensure appropriate plans and controls are in place
Providing risk perspective on new and updated Cybersecurity policies
Providing risk perspective for technology incidents, tracking risk findings related to incidents, and serving as a liaison for technology risk management
Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed
Assisting with Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment