About the role

Principal Technology Risk Analyst evaluating technology, financial, reputational risks and managing compliance programs in Corporate Services for Fidelity Investments.

Responsibilities

Help evaluate risks (technology, financial, reputational, and regulatory) and enhance/manage core program activities.
Define and execute the technology risk strategy and program.
Work with Technology, Operations and Risk teams to holistically manage risk.
Perform proactive risk and control assessments, monitor technology controls, document, and oversee remediation plans.
Provide appropriate risk and controls consulting on key CST initiatives and Emerging Technologies activities.
Engage with Corporate Services Technology teams and Senior leadership, Internal Audit and External Audit teams.
Assess various information technology risks that the business faces and implement action plans, policy and procedural changes for risk avoidance and mitigation.
Develop data analysis and apply innovative automated tools to provide management with proper context of potential exposure and loss of business due to control weaknesses.
Provide technical assistance on risk-related systems issues and monitoring controls related to application security, CI/CD programs, regulatory requirements and serve as a liaison for technology risk management.
Assist with conducting Cloud, SaaS risk assessments and readiness reviews for applications using AI/ML technologies.
Manage IT Controls program activities, this includes managing the Controls Inventory in GRC/OpenPages and control documentation and performing IT Controls Testing to meet internal assurance and external audit requirements.

7+ years’ experience in information technology risk, cyber security, controls, or audit roles.
BA/BS/MS in in computer science, technology, cybersecurity, or a related field of study preferred.
Expert knowledge of cloud security, containerization, API, DevOps, secure software development, application security, databases, and operating systems.
Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.).
Experience performing Technology risk assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations.
Understanding of artificial intelligence, machine learning, LLM, data science, and Robotic Process Automation (RPA) tools.
Preferred hands-on skills with various Programming/Scripting Languages (Python, PowerShell, Java, etc.), audit testing tools, and automation.
Ability to work simultaneously on multiple tasks and lead team priorities and workload.
Professional technology risk certifications (CISSP, CISA, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred.
Knowledge of Industry standards, frameworks, and best practices, such as NIST, SOC Program, SOX, ISO27001.
Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management.
Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer is preferred.