
Director - Technology Risk Controls CoE
Job Description:
Note: Fidelity will not provide immigration sponsorship for this position.
The Role
Do you want to join a team focused on developing Next-Gen capabilities in Technology Risk? The Enterprise Technology Risk group is seeking a passionate, driven and experienced professional to lead the Technology Risk Controls CoE team. This role is responsible for overseeing control management and control testing activities, including test execution, reporting, and control design and optimization. This strategic role will require strategic networking and relationship management skills to collaborate with various business units and risk teams, as well as a strong strategic mindset to develop and execute a control testing automation strategy. Additionally, keeping the team motivated and on track to meet program testing commitments is critical. Additional responsibilities include:
Providing technical direction and professional guidance to Technology Risk associates that fosters individual growth and development as well as team and organizational deliverables
Evaluating control maturity by performing control design and operating effectiveness reviews and reviewing associate output as needed
Conducting in-depth control assessments, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
Assisting with developing and monitoring technology controls to meet applicable security, audit, and regulatory requirements
Providing technical assistance on risk-related systems issues, and serving as a liaison for technology risk management
Determining appropriate KPIs/KRIs for IT controls monitoring
Managing IT Controls program activities; this includes managing the Controls Inventory, control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements.
Developing an IT Controls automation strategy, and monitoring implementation progress
The Expertise and Skills You Bring
8-10 years’ experience in information technology risk, controls, or audit roles
Prior experience in team management and leadership is preferred
Bachelor’s degree in computer science, technology, or a related field of study preferred
Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
Experience performing control assessments or implementing controls for large-scale financial service organizations (cloud, distributed, vendor solutions, mainframe, and network environments)
Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.)
Working knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS, PaaS)
You have a strong knowledge of information technology processes and controls, and a comprehensive understanding of risk, quality control and assurance functions
Your love of solving complex problems, your comfort with ambiguous situations, and your ability to help find innovative ways to mitigate risk using your advanced analytical and critical thinking skills
Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel to design and assist in the execution of appropriate controls design and monitoring
Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development and monitoring of controls
Knowledge of industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, SWIFT, HITRUST, is preferred
Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer, is preferred
Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management
The Team
You will report to a Technology Risk leader and manage a team of control testing analysts. The Technology Risk Controls team oversees the management of controls and controls testing, including its automation strategy. Technology Risk is part of the broader Legal, Risk and Compliance group and partners with Corporate Audit, Enterprise Compliance, and Security to protect the interests of our customers, our employees, and Fidelity’s brand. You will also work closely with the Enterprise Technology Risk teams as well as Fidelity technology and business owners, and Operational Risk teams.
Category: Information Technology
Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles. Some roles may have unique onsite requirements. Please consult with your recruiter for the specific expectations for this position.
Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.
