Principal Cybersecurity Tester/Assessor
The Role
As a member of the Vendor Cybersecurity team, you will help ensure that all Fidelity vendors and third-party service providers meet our cybersecurity requirements. You will assess risks associated with the vendors we engage, document your findings clearly, and influence remediation. In this position:
You will evaluate third-party cybersecurity controls to ensure that confidential data and business operations are protected.
You will stay current with cybersecurity best practices and identify risks introduced through vendor technologies, processes, and services.
You will continuously refine your ability to assess risks and vulnerabilities in a rapidly evolving technology landscape.
You will produce clear, thorough documentation for each assessment and ensure tracking through closure.
You will collaborate with peers, sharing expertise and providing guidance as your own capabilities grow.
You will leverage your principal-level experience to enhance assessment techniques, mentor teammates, and contribute to overall program maturity.
The Skills and Expertise You Bring
A minimum of six years of professional experience leading work in IT cybersecurity, IT audit, IT controls, or IT project management.
Strong ability to engage with peers and vendors clearly and confidently, including in challenging conversations.
Deep knowledge of IT systems and architecture, especially cybersecurity controls, enterprise architectures, and associated technologies.
Expertise with cloud computing architecture and implementation.
Bachelor's degree in Information Technology or a related field.
Strong IT audit background and familiarity with control frameworks such as NIST, ISO 27001, and SOC 2.
Professional certifications such as CISSP, CISA, or equivalent are strongly preferred.
Experience with third-party risk assessments is strongly desired.
Excellent written and verbal communication skills, including the ability to interview vendors about their cybersecurity posture and clearly articulate findings in written reports.
Outstanding organizational skills and attention to detail, with the ability to manage multiple concurrent vendor assessments.
Expert-level understanding of network, application, platform, and database technologies, including cybersecurity controls and infrastructure supporting IT systems.
The Team
This role is part of our Vendor Management organization, where we focus on assessing third-party vendors and the risks they may pose to the firm. Our Vendor Cybersecurity team proactively identifies and evaluates potential vulnerabilities introduced through vendor relationships. We perform comprehensive cybersecurity risk assessments, evaluate vendor security practices, and ensure that appropriate safeguards are in place. When issues arise, we act quickly and decisively to address and mitigate risks to protect the firm.
Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles.
Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities, and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.