Director, Cybersecurity Risk

About The Position

Requirements

• Minimum 5-7 years of risk experience quantifying cyber risk scenarios and presenting data in a meaningful and insightful way to senior leaders.
• Demonstrated experience in cybersecurity risk management.
• Experience managing projects end-to-end, from initial stages of acquiring data from multiple sources and SMEs, to the tracking, maintenance, and closure of a project, with proven ability to integrate data into risk tools and communicate progress effectively across multiple lines and levels.
• Advanced understanding of NIST 800-53 Cybersecurity Framework and FAIR.
• Effective communication and excellent presentation skills to senior leaders.
• Ability to deep dive into metrics that will both (1) quantify the work being done and (2) quantify how cyber risk position has improved.
• Critical thinking skills to ask detailed questions and fully vet answers to uncover discrepancies and gaps others may not have found.
• Ability to work across business lines to influence, motivate change and help mitigate cyber cyber risk.
• Advanced understanding of risks pertaining to cloud security, access controls, encryption, vendor security, data exfiltration, application security, perimeter security, customer protection, privileged access, denial of service, unpatched vulnerabilities, and end of life software.
• Ability to operate in a fast-paced environment and can complete analyses quickly and accurately integrating new cybersecurity data into risk models as it emerges.
• Mathematical/statistic mindset.
• An investigator approach to deep dive into metrics to understand and communicate actionable risk to senior leadership.

Nice To Haves

• CISSP, CCSP, OpenFAIR certifications preferred.

Responsibilities

• Hold Product Area risk / threat modeling sessions to prioritize top risks (Quarterly).
• Advise on backlog prioritization based on risk (Quarterly).
• Advise on both exceptions and audit finding risk levels to drive down the number of exceptions and accurately risk rate audit findings.
• Quantify cyber risk and present analyses that will allow senior management to make informed decisions based on resulting risk data.
• Provide data input into the ECS Heat Map Team.
• Work with Product Area/Squad leaders to drive lasting security decisions which will substantially mitigate Fidelity’s cyber risk.
• Evaluate multiple sources, reports, industry trends to compare risk related findings to existing ECS policies and uncover gaps and opportunities for process improvement.
• Determine what, who, and where changes are warranted to close gaps, working with appropriate contacts to draft policy enhancement ensuring continued progress.

Benefits

• Comprehensive health care coverage and emotional well-being support
• Market-leading retirement
• Generous paid time off and parental leave
• Charitable giving employee match program
• Educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career.