Fidelity Investments

Director, External Audit Engagement

Fidelity Investments, Boston, Massachusetts, US 02298


The Role

The Fidelity Enterprise Cybersecurity Governance, Risk and Compliance (GRC) Product Area is seeking a Director, External Audit Engagement to lead engagements with independent third-party audit firms. Third-party firms are hired to assess Fidelity’s control environment and attest to the design and operation of cybersecurity controls, following industry-standard frameworks. The Director will introduce ECS product areas to the requirements within certification frameworks, work with line managers to ensure controls are designed and operating in accordance with framework requirements and defined procedures, assist product area teams with gathering evidence to demonstrate control effectiveness, resolve or explain potential exceptions, and oversee the timely issuance of draft and final reports attesting to Fidelity’s cybersecurity control environment. The Director will work closely with Enterprise Technology and Risk Analysis (ETRA) External Audit Center of Excellence and with relevant BU information technology organizations throughout engagements.

The Expertise And Skills You Bring

Proven knowledge of IT risk and cybersecurity functions and how they contribute to Fidelity’s mission and success.

Extensive knowledge of audited cybersecurity frameworks and standards, including SOC 1, SOC 2, SOC 3, PCI DSS, HITRUST, ISO/IEC 27000 family.

Experience in managing projects end-to-end and communicating progress effectively across multiple lines and levels.

Understanding of the NIST Cybersecurity Framework core standards.

Bachelor’s degree in a technology or computer science field is a plus.

7+ years in IT assurance for a major firm (e.g., Big 4) with Fortune 500 clients.

Cybersecurity certifications are a plus.

Prior experience in a cybersecurity role or IT risk role.

Ability to establish trust with ECS business partners and BU stakeholders.

Independent worker with ownership mindset and a “focus and finish” attitude.

Ability to influence product areas to prioritize external assessments in roadmaps and backlogs.

Ability to manage multiple priorities independently and proactively resolve issues.

Strong facilitation and presentation skills for business meetings.

Ability to respond quickly to requests and maintain urgency.

Data analysis and synthesis; working knowledge of MS Excel.

The Value You Deliver

Help win and retain Fidelity business by demonstrating the depth and breadth of Fidelity’s cybersecurity program.

Manage third-party assessments in a manner that minimizes risk for Fidelity.

Review exceptions or findings on final reports and support their remediation.

Serve as a center of excellence and expertise for external audit processes, value and outcomes.

The Team

Members of the Compliance Center of Excellence within the GRC Product Area ensure Fidelity ECS has policies and controls aligned to external requirements and work with Product Area teams to produce evidence supporting those controls. The external requirements include federal and state laws, regulations, guidance, best practices, and industry expectations. Members engage with external assessors and examination staff to provide evidence of control.

Certifications

Category: Information Technology

Most roles at Fidelity are Hybrid, requiring onsite work every other week (M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles.

PLEASE NOTE: Fidelity’s business is governed by various securities, investment, and retirement regulatory laws and rules; those laws may restrict Fidelity from hiring individuals with certain criminal histories. Fidelity is an equal opportunity employer.
