Principal Technology Risk Analyst

Fidelity Investments-posted 4 months ago
Full-time • Mid Level
Hybrid • Merrimack, NH
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Enterprise Technology Risk & Analytics (ETRA) is seeking a passionate, driven, and experienced technology professional to join our team. The individual in this role will be based in Merrimack, Boston, Smithfield, or Westlake and report to the Director of Technology Risk for Advanced Process Solutions (APS), Customer Contact Center (EC3) and Enterprise Infrastructure & Operations (EI&O), within ETRA. The individual will work closely with our business units, Internal Audit, Risk, Information Security Officers (ISOs), and Fidelity external auditors and regulators. You will work closely with various ETRA Centers of Excellence (COEs), perform proactive risk and control assessments, monitor technology controls, document and oversee remediation plans, participate in corporate audits, and provide External Audit support. You will be responsible for monitoring and escalating business impacting incidents to ETRA and LRC senior leaders and develop/maintain associated reporting. This is also a great opportunity to work closely with the BU Technology teams on emerging technologies supporting modernization efforts.

  • Assessing the various information technology risks that the business units face in their operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation
  • Conducting in depth information technology risk assessments, which include documenting controls, identifying potential gaps or inconsistencies, creating detailed process flows, and making sound recommendations for improvement and/or mitigation
  • Conducting readiness reviews and IT General Control reviews for large information technology development projects ensuring appropriate systems development lifecycle methodologies are being applied and necessary controls are in place
  • Identifying/designing appropriate KPIs/KRIs for IT risk monitoring
  • Understanding and consulting on information security standards and industry best practices
  • Ensuring associates are trained and knowledgeable about information technology controls
  • Reviewing third party vendors and contracts to ensure appropriate controls are in place and function effectively
  • Tracking action plans to ensure findings are remediated appropriately, and in a timely manner
  • Liaison with Internal and External audit teams, tracking internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.
  • Providing risk perspective for technology incidents, track risk findings related to incidents, and serve as a liaison for technology risk management
  • Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed
  • 5-8 years of experience in information technology risk management, audit and/or compliance, or cybersecurity with significant experience in information technology controls review; experience in financial services audit organization preferred
  • BA/BS, preferably in technology or related field of study
  • Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cybersecurity, access management, resiliency, data loss prevention (DLP), network, cloud, etc.)
  • Experience performing technology risk assessments, control assessments or IT Audits
  • Ability to represent complex programs to external auditors and regulators
  • Experience or knowledge of cloud-based deployments, DevOps, and associated risk/controls and auditing requirements preferred
  • Expertise and hands-on experience in ITSM processes, at an enterprise level
  • Professional technology risk certifications or interest in pursuing (CISSP, CISA, CRISC, CISM) preferred
  • Knowledge of industry standards, frameworks, and best practices, such as NIST, SOC1, SOC2, ISO27001, ISO27701, ISO22301
  • Knowledge of governance, risk, and compliance (GRC) tools, such as Archer is preferred
  • Understanding of application development, deployment and management patterns, especially DevOps and CI/CD practices is preferred
  • Hybrid working model blending onsite and offsite work experiences
  • Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office
Track Jobs with Teal

Job Search Resources

Resume Builder
Risk Analyst Resume Examples
Risk Analyst Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service