Job Description:
The Role
Do you want to join a Center of Excellence (CoE) focused on developing best-in-class standards & practices for external audits? The External Audit CoE within Fidelity’s Enterprise Technology Risk & Analytics (ETRA) group is seeking a hard-working, driven, and experienced professional to join the team. You will help enhance and run the external audit oversight program activities, including defining and executing the external audit strategy and program, and working with External Auditors, Technology, Operations and Risk teams to lead the technology audit engagements. You will also develop data analysis and automated tools to generate actionable insights needed to support and enhance program activities.
The Expertise You Have
• Bachelor’s Degree in Computer Science, Information Systems, Technology, Accounting, or a related field of study preferred.
• 4-7 years of experience in information technology auditing (preferably supporting or conducting audits), information technology risk or compliance, cyber security, or controls assurance roles.
• Demonstrated technical abilities in multiple domains (e.g., technology infrastructure and application controls, cyber security, access management, cloud, resiliency, etc.).
• Experience implementing and assessing controls over highly automated business processes.
• Working knowledge of cloud-native technologies, including cloud databases, along with familiarity with DevOps methodologies, automated deployment processes, and supporting tools.
• Strong understanding of data protection processes and controls for handling various levels of confidential data across diverse environments.
• Hands-on experience with data exploration and visual analytics concepts, utilizing business intelligence and visualization tools such as Excel, Alteryx, Tableau, and Power BI.
• Professional technology risk certification (CISA, CISSP, CRISC) and/or Cloud Certification(s) (CCSP, CCSK, AWS) desired but not required.
The Skills You Bring
• Strong analytical skills, critical thinking, and attention to detail.
• Ability to solve complex problems through the creative use of data analytics.
• Knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.
• A process-oriented mindset and deep understanding of operations and technology to support the analysis, design, and oversight of effective control frameworks.
• Knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, PaaS, SaaS).
• Knowledge of Industry standards, frameworks, and methodologies, such as SOC 1, SOC 2, ISO27001, HITRUST.
• Excellent verbal and written communication skills enabling you to prepare and present findings clearly and concisely.
• A sense of ownership, accountability, and a commitment to achieving objectives.
• The ability to build and maintain collaborative working relationships to craft and assist in the execution of appropriate controls design and monitoring.
• The ability to remain focused and complete priorities in the face of change.
The Value You Deliver
• Gather, organize, and analyze externally audited systems data to uncover key insights that can be presented through data visualizations.
• Develop analytics to proactively identify risk across the firm (in high impact areas such as logical access, application resiliency, cloud, vendor and more).
• Assist with planning and coordination of audit cycles with external auditors and internal stakeholders.
• Effectively manage audit scope changes and maintain an authoritative inventory of externally audited systems.
• Facilitate requests from external auditors and monitor them to ensure timely completion.
• Assist with information technology risk assessments and readiness assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.
• Proactively identify, track, monitor, report, & advise of any risks to external audit engagements.
• Work across business, technology and risk teams to execute technology audit engagements according to schedule while proactively managing and resolving challenges that arise during the audit cycle.
• Maintain a comprehensive inventory of externally audited controls, including detailed mappings to audit reports and GRC records, along with practical descriptions of how each control is executed.
• Support the creation of detailed procedural documentation to guide business and technology partners in understanding and integrating standard external audit controls into their products.
The Team
You will be part of the External Audit team within ETRA. The CoE manages and coordinates Enterprise external audit technology engagements (SOC 1, SOC 2, attestation reports, etc.) in close partnership with the business unit technology risk teams. Technology Risk is part of the broader Legal, Risk and Audit (LRA) group and partners with Corporate Audit, Enterprise Compliance, and Security to protect the interests of our customers, our employees, and Fidelity’s brand.
You will also work with Fidelity technology and business owners, Enterprise Cybersecurity (ECS), Enterprise Infrastructure & Operations (EI&O), Fidelity Architecture & Engineering (FAE), Business Unit Technology partners, Business Unit Operations Risk, and Fidelity external auditors.
Note: Fidelity is not providing immigration sponsorship for this position.
Category: Information Technology
Fidelity’s hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.
Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.