Performs audit engagements for Cloud Infrastructure-as-a-Service
(IaaS), Software-as-a-Service (SaaS), virtualization, and DevSecOps
process, using AWS, Azure, and DevOps tools (Bitbucket, Jenkins,
Artifactory, SonarQube, Veracode, and uDeploy). Plans, leads, and
executes concurrent IT audits, including the review of
cybersecurity, applications, and IT infrastructure across
business units in Fidelity, which includes assessing and testing
complex security and technology controls for existing / new
applications and platforms, emerging technologies, and
communication of enhancements and remediation plans to senior
management across business units.
Performs complex Information Security, Application, and
Infrastructure audits across Fidelity business units and evaluates
risks, including technology, financial, reputational, and
Collaborates with system architects, product heads, and business
unit leadership to provide recommendations on enhancing technology
and security controls in the multiple business units technology
Identifies and assesses complex risks, both business and
technological, to provide advice to management regarding mitigation
Collaborates with data analytics and audit innovation groups to
identify and implement analytics for testing technology controls
and implements automation.
Assesses technology and security controls across applications,
infrastructure, and system architecture for on-premise and Cloud
Develops an ongoing "trusted advisor" relationship with audit
clients and internal audit business unit colleagues to ensure
timely and consistent control advice.
Tests technology controls.
Education and Experience:
Bachelor's degree (or foreign education equivalent) in Computer
Science, Engineering, Information Technology, Information Systems,
Mathematics, Physics, or a closely related field and five (5) years
of experience in the job offered or five (5) years of experience
performing IT audit, information security, and risk management of
enterprise and financial services applications and IT
Or, alternatively, Master's degree (or foreign education
equivalent) in Computer Science, Engineering, Information
Technology, Information Systems, Mathematics, Physics, or a closely
related field and three (3) years of experience in the job offered
or three (3) years of experience performing IT audit, information
security, and risk management of enterprise and financial services
applications and IT infrastructure.
Skills and Knowledge:
Candidate must also possess:
Demonstrated Expertise (DE) leading large-scale financial
service organization audit engagements on public, private, and
hybrid Cloud environments -- Amazon Web Services (AWS), Microsoft
Azure, and Robotic Process Automation (RPA) -- using Blue Prism and
Network Systems (Palo Alto WAF), Docker and Kubernetes
containerization technologies, and Python scripting language for
automated testing; and developing risk assessment audit reports and
presentations with recommended remediation and corrective actions
for senior management, using Microsoft Office suite and Visio.
DE leading cyber security audit engagements -- overseeing,
advising, monitoring, and improving Corporate Information Security
programs -- Application Security -- using Veracode (Code Scanning
Tool) and Qualys Web Application Scanner; providing Cyber Security
Incident Responses (CSIRT), using HP ArcSight, Splunk, Cylance,
and Tanium Identity; and performing access management, and security
architecture and engineering, using CyberArk / CA Xsuite, Okta,
SailPoint, and Azure Active Directory.
DE working with data analytics and automation teams to identify
and implement analytics and automation for technology control
testing, using ACL and Tableau; performing continuous security
monitoring for Cloud environments using ScoutSuite; and performing
automation of manual processes using machine learning tools --
DE leading risk and data analysis, and technology audits for
compliance with the Federal Reserve Bank according to FINRA, SEC,
and MSRB regulations, global regulations (GDPR, PRA, FCA, and
MAS), RBI, industry standards (NIST, FFIEC, and FSIAC), and CIS
Benchmarks; and drafting audit results and corrective action
reports for senior executives.
For full job details and to apply, please visit
https://jobs.fidelity.com/ and search for job number: 2012735.