This job has expired, please see additional jobs below
Senior Technology Risk Analyst
Fidelity Investments
Merrimack, NH, United States
Job Details
This role will primarily focus on the design and application development guidelines of the various cloud platforms utilized by Fidelity. The Senior Technology Risk Cloud Analyst will collaborate with Enterprise Cloud Computing (ECC), business unit development, compliance, and information security teams supporting Workplace Investing (WI), Healthcare and Benefits Marketplace (HCBM), Personal Investing (PI), and Advanced Process Solutions (APS) to ensure IT General Controls (ITGC) and other key controls are considered prior to the migration to the cloud. The analyst will provide guidance, mentorship, and best practices to the business during the initiation phase of the cloud project lifecycle. Secondary responsibilities will include the documentation and testing of ITGCs specific to the cloud and other technology domains. Efforts will support the ongoing controls assurance for the SOC 1 reports, ISO 27001 certification, regulatory exams, and other requirements. The associate will be a member of the Enterprise Technology Risk and Analytics (ETRA) team within the Fidelity Enterprise Risk Management (FERM) organization. The job may involve occasional travel to both onshore and offshore locations.
The Team
Reporting to the Vice President of Technology Risk Management, the analyst will work with WI, HCBM, PI, and APS technology organizations to enable the safe and secure use of the cloud for Fidelity. You will communicate best practices, perform in-depth control readiness assessments, monitor and track remediation activities, and provide Technology Risk approval for cloud implementations. This is a hands-on analyst role, which requires a combination of both strong technical and influencing skills, as well as analysis activities.
The Expertise You Have
• Bachelor’s degree preferred
• Professional Cloud Certification(s) (CCSP, CCSK, etc.) and/or information security/technology risk management certification preferred (CISSP, CISA, CRISC, CISM)
• 6 or more years’ experience with focus in any or all of the following areas:
  • Information security/technology risk management for large-scale, complex IT infrastructures and distributed environments
  • Enterprise-level cloud-based development, deployment, and auditing, including PaaS, IaaS, SaaS, and cloud-ready design patterns
  • Experience with DevOps tools like Concourse, Jenkins, Artifactory, etc.
The Skills You Bring
• Your general knowledge of information security management standards and regulatory requirements, such as ISO 27001 and/or NIST
• Your ability to build support among key partners across BUs for proposed strategies and solutions
• Your ability to provide dedicated technical support to the development, QA and support teams
• Your ability to analyze business direction and problems, understand long-term vision and risk, and guide technical solutions
• Your deep understanding of application deployment and management patterns
• Your ability to work on dynamic initiatives and projects that cut across divisional and organizational boundaries, working independently with peers and with technical and non-technical team members on POCs and projects to drive business value and results
• Your ability to identify measurable dimensions (including ROI) of a business problem and present the options with pros and cons
• Your phenomenal presentation, documentation, communication, and influencing skills, including the ability to present and influence technology direction in a business context for stakeholders
The Value You Deliver
• Assess the design and operating effectiveness of IT/Information Security controls required for cloud-based platforms and applications
• Provide guidance and mentorship on cloud-based application solutions, covering regulatory, contractual, security, and architecture standards
• Actively monitor control remediation plans in the Governance Risk and Compliance (GRC) system
• Assess risks inherent in the solution in such a way that the recommendations and findings are appropriate and can be implemented
• Perform IT General Control readiness assessments
• Partner with internal ECC teams on technology policy recommendations and configuration for automation components and services
• Actively monitor and participate in external IT resources and communities, and share knowledge with various technology development communities
• Participate in problem solving and perform impact analysis
• Build positive relationships with the development teams through quick alignment on value and an understanding of the business and technology
Company Overview
At Fidelity, we are focused on making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. We are proud of our diverse and inclusive workplace where we respect and value our associates for their unique perspectives and experiences. For information about working at Fidelity, visit FidelityCareers.com.
Fidelity Investments is an equal opportunity employer.