Principal Technology Risk Analyst

FMR LLC

Smithfield, RI

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Automation, Best Practices, CCSP - Cisco Certified Security Professional, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Programming, Computer Science, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Integration, Data Analysis, Data Science, DevOps, Document Management, Documentation, ERISA (Employee Retirement Income Security Act of 1974), Emerging Technology, Enterprise Protection, External Audit, Financial Services, ISO (International Organization for Standardization), Industry Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internal Audit, Internet Security, Inventory Management, Investment Services, Java, Leadership, Legal, Machine Learning, Management of Information Systems/Technology (MIS), Microsoft Exchange Server, Multitasking, Operating Systems, Performance Metrics, Presentation/Verbal Skills, Problem Solving Skills, Production Systems, Program Control, Python Programming/Scripting Language, Regulations, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Sarbanes-Oxley Act (SOX), Scripting (Scripting Languages), Securities, Securities Investments, Security Analysis, Security Compliance, Software Development, Software as a Service (SaaS), State Laws and Regulations, Team Lead/Manager, Technical Leadership, Technical Operations, Technical Strategy, Technical Support, Technology Analysis, Test Automation, Test Tools, Testing, U.S. National Institute of Standards and Technology (NIST), Windows PowerShell, Writing Skills
LOCATION
Smithfield, RI
POSTED
30+ days ago

Job Description

Do you want to join a team focused on developing Next-Gen capabilities in Technology Risk? The Technology Risk team for Corporate Services Technology (CST) within the Enterprise Technology Risk & Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to join the team. You will help evaluate risks (technology, financial, reputational, and regulatory) and enhance and manage the core program activities, which include defining and executing the technology risk strategy and program and working with Technology Operations and Risk teams to holistically manage risk. You will work closely with the various ETRA Centers of Excellence (CoEs), including performing proactive risk and control assessments, monitoring technology controls, and documenting and overseeing remediation plans. You will also provide appropriate risk and controls consulting on key CST initiatives and Emerging Technologies activities and engage with Corporate Services Technology teams and Senior leadership, Internal Audit, and External Audit teams.

The Team

You will report to the Corporate Services Technology Risk Director. The Technology Risk team oversees the management of controls and the mitigation of risk related to the technology environment, systems, and processes within Corporate Services. Technology Risk is part of the broader Legal Risk and Compliance (LRC) group and partners with Corporate Audit, Enterprise Compliance and Security to protect the interests of our customers, our employees, and Fidelity's brand. You will also work closely with Fidelity technology and business owners, Corporate Services Operations Risk and Compliance teams, Enterprise Cybersecurity (ECS) Information Security Officers (ISOs), the CST Corporate Audit team, and Fidelity external auditors and regulators.

The Expertise

You have:

• 7 years of experience in information technology risk, cyber security controls, or audit roles.
• Bachelor's degree in computer science, technology, cybersecurity, or a related field of study preferred.
• Expert knowledge of cloud security, containerization, API, DevOps, secure software development, application security, databases, and operating systems.
• Demonstrated technical abilities in multiple areas, e.g., technology infrastructure and application controls, cyber security access management, network and cloud resiliency, etc.
• Experience performing Technology risk assessments, control assessments, IT Audits, or implementing Cybersecurity controls for large-scale financial service organizations.
• Understanding of artificial intelligence, machine learning, LLM, data science, and Robotic Process Automation (RPA) tools.
• Preferred hands-on skills with various Programming and Scripting Languages, such as Python, PowerShell, Java, etc., audit testing tools, and automation.
• Ability to work simultaneously on multiple tasks and lead team priorities and workload.
• Professional technology risk certifications, such as CISSP, CISA, CRISC, CISM, and/or Cloud Certifications, CCSP, CCSK, AWS preferred.
• Knowledge of Industry standards, frameworks, and best practices, such as NIST, SOC, Program, SOX, ISO27001.
• Excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management.
• Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer, preferred.

The Value You Deliver

Conducting in-depth information technology risk and cyber security control assessments of existing production applications, systems currently being developed using emerging technologies, and technology infrastructure. Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy, and procedural changes for risk avoidance and mitigation.

Develop data analysis and apply innovative automated tools to provide management with proper context of potential exposure and loss of business due to control weaknesses. Provide technical assistance on risk-related systems issues and monitoring controls related to application security, CI/CD programs, and regulatory requirements, and serve as a liaison for technology risk management.

Assist with conducting Cloud SaaS risk assessments and readiness reviews for applications using AI/ML technologies. Determining appropriate Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for IT risk monitoring. Understanding and consulting on information security standards and industry best practices.

Manage IT Controls program activities, including managing the Controls Inventory in GRCOpenPages and control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements. Liaise with Internal and External audit teams, track internal and external audit findings, and handle issue follow-up, consulting, action plans with owners, and issue resolution.

Category: Information Technology

Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week, all business days M-F in a Fidelity office. This does not apply to Remote or fully Onsite roles.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities investment and retirement-related financial activities, and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

About the Company

FMR LLC

We help over ~40 million people feel more confident in their most important financial goals, manage employee benefit programs for nearly 23,000 businesses, and support more than 3,600 advisory firms* with innovative investment and technology solutions to grow their businesses. Our diverse businesses and independence give us insight into the entire market and the stability needed to think and act for the long term as we deliver value to you.
COMPANY SIZE
10,000 employees or more
INDUSTRY
Banking
FOUNDED
1946
WEBSITE
https://jobs.fidelity.com/