Principal Technology Risk Analyst

• Experience performing technology risk assessments, control assessments or IT Audits
• Ability to represent complex programs to external auditors and regulators
• Experience or knowledge of cloud-based deployments, DevOps, and associated risk/controls and auditing requirements preferred
• Expertise and hands-on experience in ITSM processes, at an enterprise level
• Professional technology risk certifications or interest in pursuing (CISSP, CISA, CRISC, CISM) preferred

The Skills You Bring
• You have a strong knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.
• Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel
• Your love of solving complex problems, comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk using your advanced analytical and critical thinking skills
• Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls
• Your ability to manage multiple projects concurrently and to work under pressure to meet tight timeline commitments
• Experience performing risk assessments, control assessments, IT audits or implementing technology controls for large scale financial service organizations (mainframe, distributed, network and cloud environments)
• Knowledge of industry standards, frameworks, and best practices, such as NIST, SOC1, SOC2, ISO27001, ISO27701, ISO22301
• Your skillset and hands-on experience with ITSM processes and oversight
• Your excellent verbal and written communication skills enabling you to prepare and present recommendations to business partners and senior management
• Advanced computer literacy with word processing, spreadsheet, process flow and presentation applications
• Your comfort with data analytics and ability to consume and distribute data
• Knowledge of governance, risk, and compliance (GRC) tools, such as Archer is preferred
• Understanding of application development, deployment and management patterns, especially DevOps and CI/CD practices is preferred

The Value You Deliver
• Ability to act as a leader on the team, who is comfortable sharing your thoughts and POV to senior management
• Desire to continuously learn and stay up to date on an ever-changing technology landscape.
• Assessing the various information technology risks that the business units face in their operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation
• Conducting in depth information technology risk assessments, which include documenting controls, identifying potential gaps or inconsistencies, creating detailed process flows, and making sound recommendations for improvement and/or mitigation
• Conducting readiness reviews and IT General Control reviews for large information technology development projects ensuring appropriate systems development lifecycle methodologies are being applied and necessary controls are in place
• Identifying/designing appropriate KPIs/KRIs for IT risk monitoring
• Understanding and consulting on information security standards and industry best practices
• Ensuring associates are trained and knowledgeable about information technology controls
• Reviewing third party vendors and contracts to ensure appropriate controls are in place and function effectively
• Tracking action plans to ensure findings are remediated appropriately, and in a timely manner
• Liaison with Internal and External audit teams, tracking internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.
• Providing risk perspective for technology incidents, track risk findings related to incidents, and serve as a liaison for technology risk management
• Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed

The Team

The Technology Risk team oversees the management of controls, and the mitigation of risk related to our technology infrastructure and processes, focusing on protecting the interests of our clients, customers, employees, and company. Our team's focus is technology risk the for EI&O Business unit.

Note: Fidelity is not providing immigration sponsorship for this position

Certifications:

Category:

Information Technology
Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Client-provided location(s): Boston, MA, Merrimack, NH, Westlake, TX

Job ID: Fidelity-2115271

Employment Type: OTHER

Posted: 2025-08-13T01:11:23