Job Description:

Position Description:

Plans and performs audit reviews to evaluate high risk areas and controls efficiencies associated with internal and external cybersecurity threats, data and network protection, and infrastructure, application, and Cloud vulnerabilities. Communicates emerging issues and key audit results to management and client stakeholders. Devises solutions for business improvements and follows-up on corrective actions.

Primary Responsibilities:

•           Audits data centers, network and IT infrastructure, firewalls, Cloud and mobile security, disaster recovery, and change and configuration management.

•           Leads Agile teams to execute technical audit projects focused on the evolution of the design and effectiveness of application, infrastructure, and cybersecurity controls and procedures.

•           Assesses risks and controls associated with internal and external cybersecurity threats, DevOps and Cloud security, data protection, and access administration.

•           Performs data analysis on potential exposures due to control weaknesses for management.

•           Collaborates with business, technology, security, legal, and privacy practitioners to evaluate initiatives that protect employee and customer privacy.

•           Collaborates with application developers, system architects, engineers, and security practitioners to perform readiness assessments of pre-production systems and emerging technologies.

•           Participates in cross-enterprise audits to identify and address systemic gaps.

•           Executes audit reviews, communicates issues to management, and follows-up on corrective actions.

•           Analyzes audit data and summarizes audit findings by applying strategic and organizational concepts, principles, methods, and techniques to solve issues and documents results.

•           Adheres to Agile methodologies by contributing to Agile ceremonies –stand-ups, backlog refinement, sprint planning using Agile artifacts — Canvas, Story Map, and Point of View.

•           Applies Agile auditing approaches to complete audit reviews.

•           Develops automated tools to evaluate application security and executes scripts to extract configuration data, roles and permissions, policies, and Cloud provider information.

•           Drafts audit reports that provide a clear description of identified issues, related implications on the business or enterprise, and recommendations to resolve issues.

•           Evaluates risks and controls over enterprise infrastructure, networks and cybersecurity platforms, system development efforts, and vulnerabilities.

•           Mentor junior team members.

Education and Experience:

Bachelor’s degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Assurance, Mathematics, Physics, or a closely related field and three (3) years of experience in the job offered or three (3) years of experience performing IT audit, information security, and risk management of enterprise and financial services applications and IT infrastructure on premises and on the Cloud.

Or, alternatively, Master’s degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Assurance, Mathematics, Physics, or a closely related field and one (1) year of experience in the job offered or one (1) year of experience performing IT audit, information security, and risk management of enterprise and financial services applications and IT infrastructure on premises and on the Cloud.

Skills and Knowledge:

Candidate must also possess:

Demonstrated Expertise (“DE”) developing scanning tools and scripts to identify personal identifiable information (PII) — security credentials and configurations — to improve the effectiveness of audits, using Python, PowerShell, and SQL; and performing data analysis on large datasets, collecting data, and developing readiness reviews, audit reports, and presentations with recommended remediation and corrective actions for senior management, using Microsoft PowerPoint, Visio, and Word.

DE performing IT risk analysis and security assessments of corporate-wide IT infrastructure; performing Cloud and system development using cybersecurity principles and techniques — NIST CSF; identifying technical control weaknesses, system vulnerabilities, and insecure configurations, using Amazon Web Services, Azure, Docker, Kubernetes, API, Oracle DB, and Microsoft SQL Server.

DE verifying the security and efficiency of Secure Software Development Lifecycle (SSDLC) processes, using DevOps and vulnerability scanning platforms — Bitbucket, Jenkins, Artifactory, Concourse, Veracode, Guardium VA, and Qualys; and identifying security gaps in privileged accounts administration, secrets management, and identity services, using Active Directory, SAML, and oAuth.

DE auditing internal controls and examining regulatory and financial risk within asset management services (managed accounts, global asset allocation for equities, and fixed and high income securities) and mutual fund operations (fund accounting and money movement).

#PE1M2

Certifications:

Company Overview

Fidelity Investments is a privately held company with a mission to strengthen the financial well-being of our clients. We help people invest and plan for their future. We assist companies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients’ money.

Join Us

At Fidelity, you’ll find endless opportunities to build a meaningful career that positively impacts peoples’ lives, including yours. You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home. Honored with a Glassdoor Employees’ Choice Award(opens in a new tab), we have been recognized by our employees as a Best Place to Work in 2022. And you don’t need a finance background to succeed at Fidelity—we offer a range of opportunities for learning so you can build the career you’ve always imagined.

As a result of COVID-19, many of our associates are continuing to work remotely. When Fidelity employees eventually return to the office, our goal is for most people to work flexibly in a way that balances both personal and business needs with time onsite and offsite through what we’re calling “Dynamic Working(opens in a new tab).”

We invite you to Find Your Fidelity at fidelitycareers.com.

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Leave of Absence/Accommodation Team by sending an email to accommodations @fmr.com, or by calling 800-835-5099, prompt 2, option 2.