Cybersecurity Consultant (Internal Audit Facilitator)

Fidelity TalentSource is your destination for discovering your next temporary role at Fidelity Investments! We are currently sourcing for a Sr. Cybersecurity Consultant (Regulatory & Audit) to work in Fidelity’s Enterprise Cybersecurity division in Boston, MA!

The Team

The Enterprise Cybersecurity (ECS) Regulatory & Audit team helps ECS and corporate partners manage firm-wide cybersecurity risk by providing key support services. As part of Cyber Regulatory & Audit, the ECS Internal Audit Engagement (IAE) team supports 25-30 internal audits annually. IAE seeks to reduce cyber risk through improved engagement and partnership with ECS Product Areas and Audit to ensure alignment, transparency, and efficiency throughout pre-audit, active audit, and post-audit efforts.

The Role

The ECS Internal Audit Engagement (IAE) team is seeking a hard-working and expert cybersecurity risk professional to support and partner with ECS Product Areas and Fidelity Corporate Audit. The role requires steadfast collaboration throughout the three phases of audit engagement: pre-audit (roadmap alignment, pre-audit control risk gap assessments, trend/theme analysis), active audit (risk quantification, drafting action plans, facilitating risk acceptances), and post-audit (action plan closure, reporting and metrics).

The Expertise and Skills You Bring

• Proven Risk Management and Mitigation experience
• Strong Risk, Process, Cyber Threat Analysis, and Control Gap Assessment skill
• Broad knowledge of cybersecurity threats and tactics
• Understanding of NIST Cybersecurity Framework standards and practices, COBIT 5
• Knowledge of Operations & Technology (identity & access management; physical/personnel security; security ops assessments), Information Risk Management (vendor risk management; cloud computer security; data management), Software Development Process and application security.
• Understanding of FAIR (Factor Analysis of Information Risk) cyber risk framework
• Familiarity with Archer GRC, Jira, and ServiceNow

General Business Skills

• Experience working as corporate/internal auditor or working with corporate audit function
• Analyst mentality to deep dive into audit findings to understand and communicate risks and appropriate responses
• Highly motivated, self-directed, independent problem solver with attention to detail.

Responsibilities

• Partner with internal teams to identify ECS control gaps
• Partner with Audit and ECS teams to confirm reported audit issues and perform FAIR quantitative risk assessments
• Drafting responses (Action Plans) to address valid audit observations
• Manage ECS Product Areas progress toward timely completion of action plans
• Find opportunities to improve team processes to better support ECS Product Areas
• Manage ECS Risk Acceptances
• Maintain and make use of metrics that support various reports and critical meetings
• Partner w/ ECS Product Areas to gain in-depth understanding of roadmaps, backlogs, etc.

Education and Experience

• Bachelor’s degree (or equivalent experience) in technology, computer science, or engineering strongly preferred
• 5 years’ experience in cybersecurity risk management, technology operations, system analysis, and/or project management
• Certification a plus: CISSP (Information Systems Security Professional), CEH (Certified Ethical Hacker), CISA (Certified Information Systems Auditor)

Dynamic Working

At Fidelity TalentSource, our goal is for most people to work flexibly in a way that balances both personal and business needs with time onsite and offsite through what we call “Dynamic Working.” Most associates will have a hybrid schedule with a requirement to work onsite at a Fidelity location for at least one week, 5 consecutive days, every four weeks. These requirements are subject to change.