Principal Technology Risk Analyst

Do you want to join a team focused on developing Next-Gen capabilities in Technology Risk? The Technology Risk team for Corporate Services Technology (CST) within Enterprise Technology Risk & Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to join the team. You will help evaluate risks (technology, financial, reputational, and regulatory), enhance and manage the core program activities, this includes defining and executing the technology risk strategy and program, and working with Technology, Operations and Risk teams to holistically manage risk.  You will work closely with the various ETRA Centers of Excellence (CoEs) including performing proactive risk and control assessments, monitoring technology controls, documenting, and overseeing remediation plans. You will also provide appropriate risk and controls consulting on key CST initiatives and Emerging Technologies activities, and engage with Corporate Services Technology teams and Senior leadership, Internal Audit and External Audit teams.

The Team

You will report to the Corporate Services Technology Risk Director. The Technology Risk team oversees the management of controls and the mitigation of risk related to the technology environment, systems, and processes within Corporate Services. Technology Risk is part of the broader Legal, Risk and Compliance (LRC) group and partners with Corporate Audit, Enterprise Compliance, and Security to protect the interests of our customers, our employees, and Fidelity’s brand. You will also work closely with Fidelity technology and business owners, Corporate Services Operations Risk and Compliance teams, Enterprise Cybersecurity (ECS), Information Security Officers (ISOs), CST Corporate Audit team, and Fidelity external auditors and regulators.

 The Expertise You Have

• 7+ years’ experience in information technology risk, cyber security, controls, or audit roles.
• BA/BS/MS in in computer science, technology, cybersecurity, or a related field of study preferred.
• Expert knowledge of cloud security, containerization, API, DevOps, secure software development, application security, databases, and operating systems. 
• Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.).
• Experience performing Technology risk assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations.
• Understanding of artificial intelligence, machine learning, LLM, data science, and Robotic Process Automation (RPA) tools. 
• Preferred hands-on skills with various Programming/Scripting Languages (Python, PowerShell, Java, etc.), audit testing tools, and automation. 
• Ability to work simultaneously on multiple tasks and lead team priorities and workload. 
• Professional technology risk certifications (CISSP, CISA, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred.
• Knowledge of Industry standards, frameworks, and best practices, such as NIST, SOC Program, SOX, ISO27001.
• Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management.
• Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer is preferred.

The Value You Deliver

• Conducting in-depth information technology risk and cyber security control assessments of existing production applications, systems currently being developed using emerging technologies and technology infrastructure. 
• Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation.
• Develop data analysis and apply innovative automated tools to provide management with proper context of potential exposure and loss of business due to control weaknesses. 
• Provide technical assistance on risk-related systems issues and monitoring controls related to application security, CI/CD programs, regulatory requirements and serve as a liaison for technology risk management.
• Assist with conducting Cloud, SaaS risk assessments and readiness reviews for applications using AI/ML technologies.
• Determining appropriate KPIs/KRIs for IT risk monitoring.
• Understanding and consulting on information security standards and industry best practices.
• Manage IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation and performing IT Controls Testing to meet internal assurance and external audit requirements.
• Liaison with Internal and External audit teams, tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.