Cloud/DevOps Risk Analyst, Cloud/DevOps Center of Excellence
Enterprise Technology Risk (ETRA) is seeking a passionate, driven, and experienced professional to join our Cloud/DevOps Center of Excellence. You will help manage ETRA’s relationship with Fidelity Architecture and Engineering (FAE) and will work closely with the various ETRA BU tech risk teams on several aspects of proactive risk and control assessments, monitoring technology controls, and overseeing remediation plans. These include controls and risks related to cloud platforms and various other solutions supported or provided by FAE. You will also provide appropriate risk and controls consulting on cloud and emerging technologies activities, and engage with FAE teams, Internal Audit and External Audit teams. You will help enhance and manage the core program activities, including executing the technology risk strategy and program, and working with Technology, Operations and Risk teams to holistically manage risk.
The Team
You will report to the Director of the ETRA Cloud CoE, who oversees the management of controls and the mitigation of risk in the technology environment, systems, and processes related to the cloud, software development pipelines, APIs, and other critical technologies. Technology Risk partners with Corporate Audit, Enterprise Compliance, and Security to protect the interests of our customers, our employees, and Fidelity’s brand. You will work primarily with the Cloud and Platform Engineering (FAE) business unit, but also work closely with other Fidelity technology and business owners, Compliance teams, Enterprise Cybersecurity (ECS), Corporate Audit and Fidelity’s external auditors and regulators.
The Expertise and Skills You Bring
Bachelor’s degree in computer science, technology, or a related field of study
At least 3 years’ experience in information technology risk, controls, or audit roles with a large focus on cloud risk assessments.
Experience in assessing cloud platform implementations, CI/CD pipelines, and ITGC testing.
Experience in analyzing end-to-end processes, while taking a data-driven approach to decision-making, with the ability to measure, collect, and leverage data effectively.
Strong exposure to technology operations, analysis, development, and monitoring of controls
Excellent communication and presentation skills to build rapport with partners, stakeholders, and to influence key decision makers to prioritize the remediation of cloud-based deployments/DevOps associated risks.
Knowledge of industry standards, frameworks, and best practices, such as NIST SP800-53, COBIT, SOC1, ISO27001 is preferred
Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or OpenPages is preferred
Knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS)
Understanding of application development, deployment, and management patterns, especially DevOps and CI/CD practices in the Cloud is preferred
Excellent verbal and written communication skills that enable you to prepare and present recommendations to senior management
Professional technology risk certifications (CISSP, CISA, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
The Value You Deliver
Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation
Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed
Conducting in-depth information technology risk assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
Assisting with developing and monitoring controls related to Cloud and Emerging Technologies to meet applicable security, audit, and regulatory requirements
Providing technical assistance on risk-related systems issues, and serving as a liaison for technology risk management
Determining appropriate KPIs/KRIs for IT risk monitoring
Understanding and consulting on information security standards and industry best practices
Managing IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation and performing IT Controls Testing to meet internal assurance and external audit requirements.
Liaising with Internal and External audit teams, tracking internal and external audit findings, and performing issue follow-up, consulting, action planning with owners, and issue resolution.
Fidelity’s working model blends the best of working offsite with maximizing time together in person to meet associate and business needs. Currently, most hybrid roles require associates to work onsite all business days of one assigned week per four-week period (beginning in September 2024, the requirement will be two full assigned weeks).
Note: Fidelity is not providing immigration sponsorship for this position.