Job Description:
The Enterprise Cyber Security Team (ECS) provides services to coordinate and manage the firm's Vendor Security including SaaS vendors. The Vendor Technology Review (VTR) program is validating controls implementation against Fidelity. The successful candidate needs to have foundational knowledge of the full OSI layers, IT operations, and information security principles.
The analyst will need to be flexible in applying foundational knowledge to adapt to varying product implementations and in learning new skills as gaps are identified.
You will execute assessments of key technical controls in conjunction with the firm's implementation teams and/or third-party service providers. Working with business, technology, Information Security Office (ISO), and vendor management teams, the individual will acquire the control evidence required based on the technology, platform, and application architecture and assess the controls against Fidelity's requirements prior to go-live.
The Expertise You Have and The Skills You Bring
- BS degree in Information Technology or a related field (advanced degree preferred)
- Three or more years of technology risk advisory, information security consulting or IT audit experience in a large, complex environment
- Expertise with cloud computing architecture and implementation
- Relevant certifications such as CISSP, CISA, or ISO27001 Lead Auditor are preferred
- Knowledge of network, application, platform and database technologies and strong knowledge of InfoSec, Technology Risk, and Infrastructure related processes
- Strong analytical and problem solving skills
- Demonstrated ability to work independently as well as in a team environment
- Excellent written and verbal communication skills required; you will interact with cross-functional management, including the executive team
- You will provide consulting to technology teams for SaaS control requirements
- You will conduct architecture and design reviews, as well as application and infrastructure assessments, and you will evaluate applicable controls for compliance with Fidelity requirements
- You will assist BUs in evaluating residual risk associated with control inadequacies
- You will prepare written reports after the completion of the assessment
Category:
Information Technology
Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.
Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.