Director Technology Risk

Fidelity Investments

(Durham, North Carolina)

Full Time

Job Posting Details

About Fidelity Investments

Fidelity Investments is one of the world's largest providers of financial services. Founded in 1946, the firm is a leading provider of investment management, retirement planning, portfolio guidance, brokerage, benefits outsourcing and many other financial products and services to more than 20 million individuals and institutions, as well as through 5,000 financial intermediary firms.

Responsibilities

* The successful candidate will be responsible for the design, development and execution of FI Technology’s Privileged Access and Segregation of Duties controls program, including:
* Developing an intimate understanding FIT Delivery processes and functions, to design and implement effective preventative and detective controls; ensuring secure efficient, and controlled delivery for both Waterfall and Agile project methodologies
* Partner across delivery teams (Development, QA, Release Engineering, etc), Technology Risk and Information Security to implement tools and processes to restrict technician’s direct and un-monitored access to sensitive systems, data or functions
* Lead FI and Enterprise sponsored projects of key tools and processes to support Privileged
* Access and Separation of Duties controls across FI Technology
* Direct or matrix management responsibilities for project delivery resources and project manager(s)
* Effectively partner with FI Information Security functions (Access Control, Monitoring and Detection, etc.) in the implementation and support of key tools and processes
* Provide thought leadership, and design consultation in the development of Audit and Risk controls for FI’s various DevOps implementations and tools
* Provide thought leadership, technical and process expertise for the effective management of data and access across FI test environments that contain sensitive data or functionality
* Partner with Architecture and Information Security colleagues to assist in the design and development of access monitoring and control processes across the stack, and in emerging cloud hosted environments

The successful candidate will be responsible for the design, development and execution of FI Technology’s Privileged Access and Segregation of Duties controls program, including:
Developing an intimate understanding FIT Delivery processes and functions, to design and implement effective preventative and detective controls; ensuring secure efficient, and controlled delivery for both Waterfall and Agile project methodologies
Partner across delivery teams (Development, QA, Release Engineering, etc), Technology Risk and Information Security to implement tools and processes to restrict technician’s direct and un-monitored access to sensitive systems, data or functions
Lead FI and Enterprise sponsored projects of key tools and processes to support Privileged
Access and Separation of Duties controls across FI Technology
Direct or matrix management responsibilities for project delivery resources and project manager(s)
Effectively partner with FI Information Security functions (Access Control, Monitoring and Detection, etc.) in the implementation and support of key tools and processes
Provide thought leadership, and design consultation in the development of Audit and Risk controls for FI’s various DevOps implementations and tools
Provide thought leadership, technical and process expertise for the effective management of data and access across FI test environments that contain sensitive data or functionality
Partner with Architecture and Information Security colleagues to assist in the design and development of access monitoring and control processes across the stack, and in emerging cloud hosted environments

Ideal Candidate

**Skills and Knowledge**

* The successful candidate will have broad and deep skills in several of the following areas:
* ITIL / IT delivery processes
* Information Security principles, policies and practices
* IT Project Management and Project Delivery – including FSDM and Fidelity Agile Methodology
* Security tools and technologies, including logging and monitoring tools and techniques, access
* control tools and processes, etc.
* DevOps
* Data management
* Influence and Organizational Navigation
* Professional verbal and written communication skills, with the ability to present complex data
* and concepts in a clear manner at all levels of the organization
* Ability to convey issues in a timely manner, with an appropriate level of detail, to diverse
* audiences, including: strategic plans, program status and potential security incident details or
* critical vulnerability exposures
* Process driven, with track record of continuous improvement
* Methodical, detailed, and well organized approach to work, to ensure accurate results
* Demonstrated strategic thought leadership and cross enterprise collaboration

**Education and Experience**

* Minimum of 10 years IT experience required, with deep expertise in one or several disciplines
* (development, quality assurance, release engineering, production support, etc.)
* Strong security and controls background.  Information Security or related certification(s) are a
* plus (e.g. CISSP, CISM, CISA).
* The position will require FINRA Series 99 Operations Professional registration
* Bachelor’s degree or equivalent experience required, major or minor in an IT Related field
* strongly preferred.  Master’s degree a plus.

Skills and Knowledge

The successful candidate will have broad and deep skills in several of the following areas:
ITIL / IT delivery processes
Information Security principles, policies and practices
IT Project Management and Project Delivery – including FSDM and Fidelity Agile Methodology
Security tools and technologies, including logging and monitoring tools and techniques, access
control tools and processes, etc.
DevOps
Data management
Influence and Organizational Navigation
Professional verbal and written communication skills, with the ability to present complex data
and concepts in a clear manner at all levels of the organization
Ability to convey issues in a timely manner, with an appropriate level of detail, to diverse
audiences, including: strategic plans, program status and potential security incident details or
critical vulnerability exposures
Process driven, with track record of continuous improvement
Methodical, detailed, and well organized approach to work, to ensure accurate results
Demonstrated strategic thought leadership and cross enterprise collaboration

Education and Experience

Minimum of 10 years IT experience required, with deep expertise in one or several disciplines
(development, quality assurance, release engineering, production support, etc.)
Strong security and controls background. Information Security or related certification(s) are a
plus (e.g. CISSP, CISM, CISA).
The position will require FINRA Series 99 Operations Professional registration
Bachelor’s degree or equivalent experience required, major or minor in an IT Related field
strongly preferred. Master’s degree a plus.