Director, External Audit Engagement

Success in this role will be demonstrated by well-managed external audit engagements resulting in unqualified opinions and/or certifications of Fidelity's cyber control environment. These audit engagements and frameworks cover SOC1/2/3, ISO 27001, NIST CSF/800-53, HITRUST, and PCI-DSS, among others. The successful incumbent will also have familiarity with laws and regulations which impose information security requirements on Fidelity's businesses, including HIPAA, GLBA, FFIEC, CFTC, and GDPR, to name a few. This will permit the successful incumbent to work with colleagues in GRC to coordinate compliance activities across ECS product areas. By working across Fidelity and achieving unqualified reports from 3rd party assessors, the External Audit Engagement team assures clients that they can select Fidelity with confidence to administer company benefit plans and to process and safeguard customer transactions and accounts.

The Expertise and Skills You Bring

• Proven knowledge of IT risk and cybersecurity functions and how they contribute to Fidelity's mission and success.
• Extensive knowledge of audited cybersecurity frameworks and standards, including AICPA's SOC 1, SOC 2, and SOC 3, including all SOC 2 trust principles; Payment Card Industry's Data Security Standard; HITRUST; ISO/IEC 27000 family
• Experience and knowledge managing projects end-to-end, with demonstrable ability to communicate progress effectively across multiple lines and levels.
• Understanding of NIST Cybersecurity Framework core standards
• Bachelor's degree in a technology or a computer science subject area a plus
• 7+ years working in IT assurance for a 'Big 4' or similar audit firm and experience with Fortune 500 clients.
• Cybersecurity certifications a plus
• Prior experience in a cybersecurity role (policy, operations, technology) or in an IT risk role
• Ability to quickly establish trust and a positive rapport with ECS business partners and BU stakeholders.
• Independent worker; high sense of ownership; 'focus and finish' attitude.
• Ability to influence product areas to prioritize external assessments in product roadmaps and backlogs.
• Ability to manage multiple priorities independently; proactive approach to defining issues and resolving open questions.
• Ability to effectively facilitate and follow up on business meetings, present information to groups with the appropriate degree of formality.
• React quickly to requests; bring a sense of urgency to respond to inquiries.
• Data analysis and synthesis; working knowledge of MS-Excel

The Value You Deliver

• Help to win and retain business for Fidelity by demonstrating the depth and breadth of Fidelity's cybersecurity program.
• Manage third-party assessments in a manner which minimizes risk for Fidelity.
• Review exceptions or findings on final reports and support their ultimate remediation.
• Center of excellence and expertise for external audit processes, value and outcomes

The Team

Members of the Compliance Center of Excellence within the GRC Product Area are charged with knowing the external requirements and standards to which Fidelity is held. They make certain that Fidelity ECS has appropriate policies and controls which align to these standards, and they work with Product Area teams to produce evidence supporting the policies and controls. The external requirements include federal and state laws, regulations, guidance, best practices, and industry expectations. Members of the team engage with external assessors and examination staff periodically to provide evidence of control.
The base salary range for this position is $103,000-$218,000 per year.
Placement in the range will vary based on job responsibilities and scope, geographic location, candidate's relevant experience, and other factors.

Base salary is only part of the total compensation package. Depending on the position and eligibility requirements, the offer package may also include bonus or other variable compensation.

We offer a wide range of benefits to meet your evolving needs and help you live your best life at work and at home. These benefits include comprehensive health care coverage and emotional well-being support, market-leading retirement, generous paid time off and parental leave, charitable giving employee match program, and educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career. Note, the application window closes when the position is filled or unposted.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Certifications:

Category:

Information Technology