ETRA Principal Technology Risk Analyst, External Audit

Job Description

:

The Role

The External Audit Center of Excellence within Fidelity’s Enterprise Technology Risk and Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to help us oversee the technology areas of external audit engagements. You will enhance and run the external audit oversight program activities focused on key technology areas including DevOps, Cloud and Technology Operations. In addition, you will perform proactive risk assessments and develop control strategies for emerging technologies including AI/Machine Learning and Snowflake data services. To accomplish this, you will work closely with technology support teams, Enterprise Cybersecurity (ECS), Enterprise Infrastructure (EI), Cloud and Platform Engineering (CAPE), BU Technology partners, BU Operations Risk, and Fidelity’s external auditors. The role can be based in Merrimack, Boston, Smithfield, North Carolina, or Westlake, and will report to the External Audit Center of Excellence Lead.

The Team

External Audit Center of Excellence oversees the management and execution of technology audit engagements (e.g., SOC 1, SOC 2, control attestations) for the Enterprise. External audit certifications are critical to Fidelity’s institutional businesses, and our key focus is protecting the interests of our clients, customers, and Fidelity’s brand by overseeing the effectiveness of technology controls through successful completion of external audit certifications. The CoE collaborates closely with the business units, technology leaders and operational risk teams develop best in class standards and practices for external audits and build the roadmaps for future technology and business requirements.

The Expertise and Skills You Bring

• 5-9 years’ experience in information technology auditing, information technology risk, cyber security, or controls assurance roles
• Bachelor’s degree in Computer Science, Information Systems, Technology, or a related field of study preferred
• Demonstrated technical abilities in multiple areas including technology infrastructure and application controls, cloud, cyber security, and access management
• Experience or knowledge of CI/CD technologies, automated code build and deployments pipelines/orchestration solutions
• Experience performing risk assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations
• Experience supporting or conducting SOC 1 or control attestation audit engagements preferred but not required
• Professional technology risk certification (CISSP, CISA, CISSP, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
• Your love of solving complex problems, and comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk and develop controls using your analytical and critical thinking skills
• Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls
• Experience with Cloud security and controls and cloud technology environments (AWS/Azure, PaaS, SaaS)
• Knowledge of industry standards, frameworks, and methodologies, such as SOC 1, SOC 2, ISO27001, HITRUST
• You have excellent verbal and written communication skills enabling you to prepare and present findings clearly and concisely
• You demonstrate a proven sense of ownership, accountability, and a commitment to achieving objectives
• Your ability to build and maintain collaborative working relationships to craft and assist in the execution of appropriate controls design and monitoring

The Value You Deliver

• Leading external auditor readiness engagements and readiness assessments and providing timely status updates to management
• Planning and coordination of audit cycles with external auditors and internal stakeholders
• Facilitating requests from external auditor and monitoring to ensure timely completion
• Performing technology risk assessments and developing control strategies, including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.
• Providing technical assistance on risk related systems issues, and serving as a liaison with technology and risk teams to track external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution
• Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation.
• Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed.
• Assist with conducting Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment.

Certifications: