Senior Manager, Enterprise Technology Standards & Controls Office

Posted:
2/24/2026, 2:26:59 PM

Location(s):
Westlake, Texas, United States ⋅ Texas, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
On-site

Job Description:

Position Description:

Assesses the controls over application processes, including physical and logical security, systems acquisition and development, system and network infrastructure, system architecture, change management, computer operations, and production support. Evaluates network architecture, infrastructure, and system configurations to identify security risks and weaknesses. Performs penetration testing and vulnerability assessments to identify potential entry points for cyber threats.

Primary Responsibilities:

  • Evaluates Fidelity’s information systems, technology, infrastructure, and security protocols.
  • Performs agile audits, evaluating risks, including technology, financial, reputational, and regulatory, and testing controls designed to mitigate risk.
  • Identifies and assesses complex risks, communicates issues and findings to management, devises solutions to mitigate identified risks, and follows up on corrective actions to ensure the safeguarding of sensitive data, protection against cyber threats, and compliance with industry standards and applicable regulations.
  • Develops data analysis and applies leading edge and other automated tools to provide management with proper context of potential exposure and loss of business due to control weaknesses.
  • Develops an ongoing “trusted advisor” relationship with audit clients and Internal Audit business unit colleagues to ensure timely and consistent controls advice.
  • Provides audit advisory services on new and changing products and systems and develops talented professionals for audit and leadership positions.
  • Conducts Data Discovery and Classification Audits to assess how data is being stored, transmitted, and processed across Fidelity.
  • Leads DLP policy effectiveness assessments and reviews to identify policy gaps and areas in need of improvement.
  • Conducts Transmission and Storage Audits to ensure the secure transmission and storage of sensitive data both within and outside the organization.
  • Conducts Insider Threat Detection Audits to identify and prevent potential data breaches caused by insider threats, including employees, contractors, and business partners.
  • Reviews incident response plans and procedures to assess the organization’s readiness to handle cyber security incidents.
  • Provides recommendations for improving incident detection, response, and recovery processes.

Education and Experience:

Bachelor’s degree in Computer Science, Engineering, Information Technology, Information Management, Information Systems, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Senior Manager, Enterprise Technology Standards & Controls Office (or closely related occupation) conducting enterprise cybersecurity audits and risk assessments across cloud and on-premises environments, IT infrastructure, applications, operations, finance, databases, and network security.

Or, alternatively, Master’s degree in Computer Science, Engineering, Information Technology, Information Management, Information Systems, or a closely related field (or foreign education equivalent) and three (3) years of experience as a Senior Manager, Enterprise Technology Standards & Controls Office (or closely related occupation) conducting enterprise cybersecurity audits and risk assessments across cloud and on-premises environments, IT infrastructure, applications, operations, finance, databases, and network security.

Skills and Knowledge:

Candidate must also possess:

  • Demonstrated Expertise (“DE”) conducting IT audits, assessing security controls, and evaluating compliance within AIM enterprises, financial services, and cloud/on-prem IT infrastructure using frameworks (NIST, COBIT, and ISO 27001).
  • DE reviewing security configurations, access controls, and data protection for financial applications, cloud environments (AWS, Azure, GCP), and on-premises IT infrastructure to identify vulnerabilities and risks.
  • DE performing cyber risk quantification (FAIR, Monte Carlo simulations) for financial and AIM sector organizations, linking technical risks to financial impact and business continuity maintaining Cloud Technologies (AWS, Azure), Big Data environment (Splunk), and Information Security Topics (IAM, DR, Network security).
  • DE working within financial industry regulations (SOX, PCI-DSS, FFIEC, GDPR) and aligning security policies, third-party risk, and governance frameworks with enterprise risk management (ERM) strategies Audit projects using Snowflake, JFrog Home & Edge, and Truster Partner Access.

Category:

Information Technology

Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles. Some roles may have unique onsite requirements. Please consult with your recruiter for the specific expectations for this position.

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Fidelity Investments

Website: https://www.fidelity.com/

Headquarter Location: Boston, Massachusetts, United States

Employee Count: 10001+

Year Founded: 1946

IPO Status: Private

Last Funding Type: Secondary Market

Industries: Asset Management ⋅ Finance ⋅ Financial Services ⋅ Retirement ⋅ Wealth Management