Job Description:
The Role
The Enterprise Cybersecurity Risk (ECS Cyber Risk) team is seeking an experienced Director-level risk professional to lead in the creation of cyber risk analyses pertaining to ECS. You will understand current and emerging cybersecurity risks and determine key risk scenarios for the ECS Product Areas. You will hold Product Area risk / threat modeling sessions to prioritize top risks (Quarterly). You will advise on backlog prioritization based on risk (Quarterly). The candidate will advise on both exceptions and audit finding risk levels to drive down the number of exceptions and accurately risk rate audit findings. The candidate will quantify cyber risk and present analyses that will allow senior management to make informed decisions based on resulting risk data.
The Expertise and Skills You Bring
Minimum 5-7 years of risk experience quantifying cyber risk scenarios and presenting data in a meaningful and insightful way to senior leaders
Demonstrated experience in cybersecurity risk management
Experience managing projects end-to-end, from initial stages of acquiring data from multiple sources and SMEs, to the tracking, maintenance, and closure of a project, with proven ability to integrate data into risk analysis tools and communicate progress effectively across multiple lines and levels
Sophisticated understanding of NIST 800-53 Cybersecurity Framework and FAIR
CISSP, CCSP, OpenFAIR certifications preferred
You have effective communication and excellent presentation skills to senior leaders
You can deep dive into metrics that will both (1) quantify the work being done and (2) quantify how cyber risk position has improved
Critical thinking skills to ask detailed questions and fully vet answers to uncover discrepancies and gaps others may not have found are a must
You can work across business lines to influence, motivate change and help mitigate cyber risk
You have a sophisticated understanding of risks pertaining to the following: cloud security, access controls, encryption, vendor security, data exfiltration, application security, perimeter security, customer protection, privileged access, denial of service, unpatched vulnerabilities, and end of life software
You operate in a fast-paced environment and can complete analyses quickly and accurately integrating new cybersecurity data into risk models as it emerges
You bring an investigator attitude to deep dive into metrics to understand and communicate concrete risk to senior leadership
The Value You Deliver
Providing data input into the ECS Heat Map Team
Working with Product Area/Squad leaders to drive lasting security decisions which will substantially mitigate Fidelity’s cyber risk
Evaluating multiple sources, reports, industry trends to compare risk related findings to existing ECS policies and uncover gaps and opportunities for process improvement
Determining what, who, and where changes are warranted to close gaps, working with appropriate contacts to draft policy enhancement ensuring continued progress
The Team
ECS Cyber Risk provides cybersecurity risk analyses pertaining to existing and emerging risk scenarios and communicates these risks to appropriate ECS Product Area and senior leadership. This team focuses on identifying, measuring, prioritizing, and reporting on cyber risk scenarios and will work both independently and across product areas to drive senior management to informed decisions and directions in strategy to either maintain the course or if needed, change direction.
Company Overview
Fidelity Investments is a privately held company with a mission to strengthen the financial well-being of our clients. We help people invest and plan for their future. We assist companies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients’ money.
Join Us
At Fidelity, you’ll find endless opportunities to build a meaningful career that positively impacts people’s lives, including yours. You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home. Honored with a Glassdoor Employees’ Choice Award, we have been recognized by our employees as a Best Place to Work in 2022. And you don’t need a finance background to succeed at Fidelity. We offer a range of opportunities for learning so you can build the career you’ve always imagined.
As a result of COVID-19, many of our associates are continuing to work remotely. When Fidelity employees eventually return to the office, our goal is for most people to work flexibly in a way that balances both personal and business needs with time onsite and offsite through what we’re calling “Dynamic Working.”
We invite you to Find Your Fidelity at fidelitycareers.com.
Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.
Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Leave of Absence/Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 2.
Job ID: 86703