Principal, Cybersecurity Risk

Note: Fidelity will not provide immigration sponsorship for this position

The Role

The Enterprise Cybersecurity Risk (ECS Cyber Risk) team is seeking an experienced Principal-level risk professional to lead in the creation of cyber risk analysis pertaining to ECS. The candidate will understand current and emerging cybersecurity risks and determine key risk scenarios for the ECS Product Areas. The candidate will participate in risk / threat modeling sessions to prioritize top risks. The candidate will advise on both exceptions and audit finding risk levels to drive down the number of exceptions and accurately risk rate audit findings. The candidate will quantify cyber risk and present analyses at the technical and executive level that will allow senior management to make informed decisions based on resulting risk data.

 The Expertise and Skills You Bring

• Minimum 3-5 years of risk experience quantifying cyber risk scenarios and presenting data in a meaningful and insightful way to senior leaders.

• Demonstrated experience in cybersecurity risk management, assessment frameworks, and metrics reporting.

• Experience managing projects end-to-end, from initial stages of acquiring data from multiple sources and subject matter experts to the tracking, maintenance, and closure of a project, with proven ability to integrate data into risk analysis tools and communicate progress effectively across multiple lines and levels.

• Use and understanding of governance, risk, and compliance tools.

• Advanced understanding of NIST 800-53 Cybersecurity Framework, Cybersecurity Risk Institute (CRI), and FAIR

• CRISC, CISSP, or CISM certifications are preferred.

• You have effective communication and excellent presentation skills to senior leaders.

• You can deep dive into metrics that will both (1) quantify the work being done and (2) quantify how cyber risk position has improved.

• Critical thinking skills to ask detailed questions and fully vet answers to uncover discrepancies and gaps others may not have found is a must.

• You can work across business lines to influence change and help mitigate cyber risk.

• You have an intermediate understanding of risks pertaining to the following: cloud security, access controls, encryption, vendor security, data exfiltration, application security, perimeter security, customer protection, privileged access, denial of service, unpatched vulnerabilities, and end of life software.

• You operate in a fast-paced environment and can complete analyses quickly and accurately integrating new cybersecurity data into risk models as it emerges.

• You bring an investigator mindset to deep dive into metrics to understand and communicate actionable risk to business and technology groups.

• Determining the appropriate controls for cybersecurity risks

• Working with asset inventory and asset management

• Evaluating multiple sources, reports, industry trends to compare risk related findings to existing ECS policies and uncover gaps and opportunities for process improvement.

• Determining what, who, and where changes are warranted to close gaps, working with appropriate contacts to draft policy enhancement ensuring continued progress.

The Team

ECS Cyber Risk provides cybersecurity risk analyses pertaining to existing and emerging risk scenarios and communicates these risks to appropriate ECS technical teams and senior leadership. This team focuses on identifying, measuring, prioritizing, and reporting on cyber risk scenarios and will work both independently and across business units and technology teams to assist senior management with informed decisions and directions in strategy to either maintain the course or if needed, change direction.

Placement in the range will vary based on job responsibilities and scope, geographic location, candidate’s relevant experience, and other factors.

Base salary is only part of the total compensation package. Depending on the position and eligibility requirements, the offer package may also include bonus or other variable compensation.   

We offer a wide range of benefits to meet your evolving needs and help you live your best life at work and at home.  These benefits include comprehensive health care coverage and emotional well-being support, market-leading retirement, generous paid time off and parental leave, charitable giving employee match program, and educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career.  Note, the application window closes when the position is filled or unposted.

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.