Fidelity Investments

IT Audit Manager

Fidelity Investments, Boston, Massachusetts, United States, 02298


Job Description:

Position Description:

Plans and executes multiple concurrent Information Technology (IT) audits, including reviews of cybersecurity, existing production applications, systems currently being developed, technology infrastructure, and specialized/emerging technologies. Assesses controls over software application processes, technical security, system and network architecture, computer operations, and production support. Performs data-driven, risk-based IT audit assessments of key software systems and applications by applying information security methodologies in the areas of Identity and Access Management, Authentication Services, DevSecOps, and Encryption. Identifies and assesses technological risks and provides advice to management with regard to mitigation of these risks by leveraging cloud tools: Datadog, CloudAware, Divvy Cloud, and CloudDiscovery. Plans and implements audit of applications/infrastructure based on cloud services: DynamoDB; EKS; AKS; EC2; Azure VM; Lambda; and S3 Buckets.

Primary Responsibilities:

Enhances existing IT controls and enterprise cybersecurity frameworks within database systems: Oracle, DB2, and SQL Server.

Develops data analysis and other automated tools to provide management with proper context of potential exposure and loss of business due to IT control weaknesses within Big Data environments: Hadoop, Splunk, and ELK.

Implements, upgrades, and monitors security measures for the protection of computer networks and information.

Assesses system vulnerabilities for security risks and proposes and implements risk mitigation strategies.

Reviews plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

Assesses on-prem infrastructure based on Linux/Unix servers or Mainframe Z/OS to propose risk mitigation strategies.

Education and Experience:

Bachelor's degree (or foreign education equivalent) in Computer Science, Engineering, Cybersecurity, Information Technology, Information Management, Information Systems, or a closely related field and three (3) years of experience as an IT Audit Manager (or closely related occupation) performing IT audits to analyze risks by leveraging Cloud, Operating System technologies, Networking & Cybersecurity tools, and Scripting and Data Analytics in an Enterprise Technology domain.

Or, alternatively, Master's degree (or foreign education equivalent) in Computer Science, Engineering, Cybersecurity, Information Technology, Information Management, Information Systems, or a closely related field and one (1) year of experience as an IT Audit Manager (or closely related occupation) performing IT audits to analyze risks by leveraging Cloud, Operating System technologies, Networking & Cybersecurity tools, and Scripting and Data Analytics in an Enterprise Technology domain.

Skills and Knowledge:

Candidate must also possess:

Demonstrated Expertise ("DE") performing technology audit and risk analysis of software applications in an Enterprise Technology domain based on cloud infrastructure in AWS and Azure, including analysis of EC2, EKS, IAM, Security Groups, and Azure VMs.

DE performing technology audits of applications based on on-prem infrastructure including analysis of Linux/Unix servers, Oracle Database, Microsoft Exchange, Mainframe TSS Z/OS, and Delinea.

DE planning and executing data-driven audit engagements for large-scale digital platforms using Splunk Logging, scripting via PowerShell, Snowflake, Data Analytics & Visualization via MS Excel/PowerBI, and DivvyCloud.

DE evaluating end-to-end security of Continuous Integration/Continuous Deployment (CI/CD) pipelines using Github, Jenkins, Cyberark, Mend, and Artifactory.

Certifications:

Category:

Audit

Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.