Senior, Cybersecurity Analyst

  • Competitive
  • Smithfield, RI, USA
  • Permanent, Full time
  • Fidelity Investments
  • 16 Dec 17 2017-12-16

Senior, Cybersecurity Analyst

The Fidelity Enterprise Cybersecurity Risk Management ("ECS Risk") team is seeking to recruit an experienced and knowledgeable cybersecurity risk analyst to primarily conduct highly technical assessments of current and emerging cybersecurity risks associated with the development, deployment and support of business applications and infrastructure systems

The Expertise We're Looking For

  • Bachelor's degree in a technology, computer science, or engineering discipline strongly preferred
  • 6 or more years' demonstrated experience in cybersecurity risk assessments, cybersecurity risk management, technology audit, or technology operations required


Purpose of Your Role

This role will help develop the organizational understanding of cybersecurity risks to systems, assets, data and capabilities by identifying, measuring, prioritizing, and reporting on systemic cross-enterprise risks that warrant senior management attention and remediation. Additionally, this role will provide enterprise cybersecurity risk guidance and consulting pertaining to technology solutions and controls.

The Skills You Bring
  • Experience performing in-depth technical risk assessments of business applications and infrastructure systems with emphasis on a multitude of technology risk categories (e.g., logical security, physical security, production monitoring and support, disaster recovery, vendor management, change / release management, system development) required
  • Experience performing substantive controls validation required
  • Experience working independently and with relatively low supervision required
  • Experience with NIST Cybersecurity Framework core standards and practices, COBIT 5 for Risk, and FAIR preferred
  • Experience writing formal risk assessments and/or audit reports preferred
  • Prior IT operational experience preferred
  • Prior IT audit experience helpful
  • CISSP, CEH, and CISA certifications a plus

The Value You Deliver
  • Perform end-to-end technical assessments of business applications and infrastructure systems using an established cybersecurity framework, methodology and set of processes
  • Review a multitude of cybersecurity risks with emphasis on identifying, measuring and reporting systemic cross-enterprise risks that warrant senior management attention and remediation
  • Provide ad-hoc risk guidance and consulting pertaining to the development, implementation and support of cybersecurity solutions and controls
  • Manage and support the Enterprise Cybersecurity Risk Heat Map Program
  • Support the annual cybersecurity risk assessment planning process


How Your Work Impacts the Organization

ECS provides centralized cybersecurity services and governance for the enterprise. The organization is structurally aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework Core Functions (i.e., Identify, Protect, Detect, Respond and Recover). It offers best-in-class services including, but not limited to, cybersecurity architecture and engineering, development and operations, detection and response, enterprise policy administration and exception management, information security administration, risk assessment, penetration testing, secure code review, disaster recovery management, vendor technology risk review and management of external audit programs (e.g., ISO27001, SOC1).Company Overview

At Fidelity, we are focused on making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. For information about working at Fidelity, visit FidelityCareers.com

Fidelity Investments is an equal opportunity employer.