ETRA Principal Technology Risk Analyst, External AuditJob Description :
The Role
The External Audit Center of Excellence within Fidelity’s Enterprise Technology Risk and Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to help us oversee the technology areas of external audit engagements.
You will enhance and run the external audit oversight program activities focused on key technology areas including DevOps, Cloud and Technology Operations.
In addition, you will perform proactive risk assessments and develop control strategies for emerging technologies including AI / Machine Learning and Snowflake data services.
To aplish this, you will work closely with technology support teams, Enterprise Cybersecurity (ECS), Enterprise Infrastructure (EI), Cloud and Platform Engineering (CAPE), BU Technology partners, BU Operations Risk, and Fidelity’s external auditors.
The role can be based in Merrimack, Boston, Smithfield, North Carolina, or Westlake, and will report to the External Audit Center of Excellence Lead.
The Team
External Audit Center of Excellence oversees the management and execution of technology audit engagements (, SOC 1, SOC 2, control attestations) for the Enterprise.
External audit certifications are critical to Fidelity’s institutional businesses, and our key focus is protecting the interests of our clients, customers, and Fidelity’s brand by overseeing the effectiveness of technology controls through successfulpletion of external audit certifications.
The CoE collaborates closely with the business units, technology leaders and operational risk teams develop best in class standards and practices for external audits and build the roadmaps for future technology and business requirements.
The Expertise and Skills You Bring
- 5-9 years’ experience in information technology auditing, information technology risk, cyber security, or controls assurance roles
- Bachelor’s degree inputer Science, Information Systems, Technology, or a related field of study preferred
- Demonstrated technical abilities in multiple areas including technology infrastructure and application controls, cloud, cyber security, and access management
- Experience or knowledge of CI / CD technologies, automated code build and deployments pipelines / orchestration solutions
- Experience performing risk assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations
- Experience supporting or conducting SOC 1 or control attestation audit engagements preferred but not required
- Professional technology risk certification (CISSP, CISA, CISSP, CRISC, CISM) and / or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
- Your love of solvingplex problems, andfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk and develop controls using your analytical and critical thinking skills
- Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls
- Experience with Cloud security and controls and cloud technology environments (AWS / Azure, PaaS, SaaS)
- Knowledge of industry standards, frameworks, and methodologies, such as SOC 1, SOC 2, ISO27001, HITRUST
- You have excellent verbal and writtenmunication skills enabling you to prepare and present findings clearly and concisely
- You demonstrate a proven sense of ownership, accountability, and amitment to achieving objectives
- Your ability to build and maintain collaborative working relationships to craft and assist in the execution of appropriate controls design and monitoring
The Value You Deliver
- Leading external auditor readiness engagements and readiness assessments and providing timely status updates to management
- Planning and coordination of audit cycles with external auditors and internal stakeholders
- Facilitating requests from external auditor and monitoring to ensure timelypletion
- Performing technology risk assessments and developing control strategies, including documenting controls, identifying potential gaps and / or inconsistencies and making sound rmendations for improvement and / or mitigation.
- Providing technical assistance on risk related systems issues, and serving as a liaison with technology and risk teams to track external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution
- Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation.
- Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed.
- Assist with conducting Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment.
Certifications :
Fidelity Investments is a privately heldpany with a mission to strengthen the financial well-being of our clients. We help people invest and plan for their future.
We assistpanies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients’ money.
Join Us
At Fidelity, you’ll find endless opportunities to build a meaningful career that positively impacts peoples’ lives, including yours.
You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home.
Honored with a , we have been recognized by our employees as a top 10 Best Place to Work in 2024. And you don’t need a finance background to succeed at Fidelity we offer a range of opportunities for learning so you can build the career you’ve always imagined.
blends the best of working offsite with maximizing time together in person to meet associate and business needs. Currently, most hybrid roles require associates to work onsite all business days of one assigned week per four-week period (beginning in September 2024, the requirement will be two full assigned weeks).
At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry .
Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation, , and may be asked to provide additional documentation as requested.
This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent).
These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances : Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.
We invite you to Find Your Fidelity at .
Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.
Fidelity will reasonably amodate applicants with disabilities who need adjustments to participate in the application or interview process.
To initiate a request for an amodation, contact the HR Amodation Team by sending an email to .
We wee those with experience in jobs such as General, General, and General and others in the General to apply. Job ID 1420620755