Canary Wharfian - Online Investment Banking & Finance Community.

Director, Technology Risk

Experienced
No visa sponsorship

at Fidelity Investments

Asset Management

Posted 3 days ago

**Director, Technology Risk** leads IT controls and risk management, ensuring data protection. Key responsibilities include developing and implementing GRC tools, managing risk and control assurance methodologies, executing information security certifications, overseeing governance forums, and maintaining controls inventory. This role requires a Bachelor's or Master's degree in a relevant field and 6 to 4 years of experience in technology risk, along with expertise in IT risk assessments, data analytics, and various auditing methodologies. Candidates should possess strong expertise in executing risk assessment audits, compliance with GDPR, SOX 404, and other regulatory requirements. This senior-level position demands excellent stakeholder communication and rigorous problem-solving skills to drive enterprise data security and protect retirement plan participant accounts.

Compensation
Not specified

Currency: Not specified

City
Not specified
Country
Not specified

Full Job Description

Job Description:

Position Description:

Develops and implements IT controls (including IT Audit and IT security controls) and strategies to further the protection of customer data. Ensures adequate IT control coverage using Public Accounting (IT Audit) and Controls expertise. Develops an understanding of the IT landscape using IT system, control, and process owners. Manages and develops a team of analysts and ensures comprehensive responses to client technology audits and security assessments. Regularly meets with executives and senior representatives from clients, across all market segments, to discuss the IT control environment, and how the enterprise protects data and retirement plan participant accounts. Discusses and promotes enterprise technology and security capabilities with stakeholders.

Primary Responsibilities:

  • Supports the development, enhancement, and implementation of Governance, Risk, and Compliance (GRC) tools.

  • Develops and maintains risk and control assurance methodologies, policies and control frameworks, and risk register in GRC platform tools.

  • Executes and manages certifications in relation to information security standards for the Information Security Management System (ISMS).

  • Coordinates and manages the activities of a cross-functional governance forum for the oversight and management of key deliverables for the ISMS.

  • Maintains the centralized controls inventory and manages the periodic controls verification/certification process with Control Owners.

  • Performs controls normalization to develop a standard set of controls across audits and programs.

  • Designs and implements ongoing risk and controls trainings to Control Owners and Managers.

  • Provides support for the management of annual enterprise audits.

  • Oversees internal and external audit engagements.

  • Oversees the IT controls program and identifies control deficiencies and workarounds.

  • Supports the development and integration of a centralized platform for risk and controls management.

  • Designs, develops, and maintains processes for modules and functionalities.

  • Diagnoses, troubleshoots, and resolves hardware, software, or other network and system problems.

  • Replaces defective components when necessary.

Education and Experience:

Bachelor's degree in Computer Science, Engineering, Information Technology, Information Systems, or a closely related field (or foreign education equivalent) and six (6) years of experience as a Director, Technology Risk (or closely related occupation) evaluating Information Produced by the Entity (IPE) in a financial auditing environment, using IT general controls, IT application controls, and IT dependent manual controls.

Or, alternatively, Master's degree in Computer Science, Engineering, Information Technology, Information Systems, or a closely related field (or foreign education equivalent) and four (4) years of experience as a Director, Technology Risk (or closely related occupation) evaluating Information Produced by the Entity (IPE) in a financial auditing environment, using IT general controls, IT application controls, and IT dependent manual controls.

Skills and Knowledge:

Candidate must also possess:

  • Demonstrated Expertise (DE) executing risk assessment audits of large-scale IT systems (including Enterprise Resource Planning (ERP) systems, cybersecurity, and Cloud computing systems); and developing reports and presentations for senior management with recommended mediation and corrective actions, using Archer to mitigate security and financial risk.

  • DE performing IT risk assessments and audits to ensure compliance with General Data Protection Regulation (GDPR), SOX 404, and Accounting Standard 606 regulatory requirements; and drafting reports for senior executives on audit results and corrective actions (Security Policy, Access Control, and Change Controls), using access management tools (Access Hub and SailPoint), configuration management tools (ServiceNow), and data analytic tools (PowerBI and Alteryx).

  • DE performing application audits, vendor system assessments, and pre and post system implementation assessments according to auditing software development methodologies -- Agile, Scrum, Scaled Agile Framework, and DevOps; and performing technology audits using industry frameworks -- Payment Card Industry (PCI), Control Objectives for Information and Related Technologies (COBIT), National Institute of Standards and Technology (NIST), and ISO 27001.

  • DE performing information security audits of data, programs, and source code, using Audit Command Language (ACL) data analytics tool within UNIX/Linux, Windows, and Relational Database Management Systems (Oracle, Sybase and SQL Server) environments.

Certifications:

Category:

Information Technology

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Benefits that balance life and work

From our fully paid parent leave to our on-site health and wellness centers, our benefits support the belief that the more balance you have, the better you can achieve your goals.

Company overview 

At Fidelity, we are passionate about making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. We are proud of our diverse and inclusive workplace where we respect and value our associates for their unique perspectives and experience. 

Reasonable accommodations

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation contact the HR Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 3.

Equal opportunity employer

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop, and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Applicant screening

At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry. Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.

