Manager - Technology Risk

Job Title - Manager - Technology Risk

The Team

The ETRA India  team is an extended arm of Enterprise technology Risk and analytics – Enterprise risk Management  oversees the management of controls and the mitigation of risk related to the technology environment, systems, and processes across on prem and cloud. Technology Risk is part of the broader Legal, Risk and Compliance (LRC) group and partners with Corporate Audit, Enterprise Compliance, and Security to protect the interests of our customers, our employees, and Fidelity’s brand. You will also work closely with Fidelity technology and business owners, Business Unit Operations Risk and Compliance teams, Enterprise Cybersecurity (ECS), the Corporate Audit team, and Fidelity external auditors and regulators.

The Purpose of This Role

In this position, you will be executing targeted risk assessments / quick hit reviews across business units and report out on key issues impacting Enterprise from a technology perspective

The Value You Deliver

·       Assessing the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation

·       Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed.

·       Conducting in depth information technology risk assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.

·       Assist with conducting Database, Devops, CI/CD pipeline and Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment.

·       Assist with developing and monitoring controls related to Cloud and Emerging Technologies and to meet applicable security, audit, regulatory requirements

·       Provide technical assistance on risk related systems issues, and serve as a liaison for technology risk management

·       Understanding and consulting on information security standards and industry best practices

·       Manage IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation and performing IT Controls Testing to meet internal assurance and external audit requirements.

·       Liaising with Internal and External audit teams, tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.

The Skills that are Key to this role

·       You have the ability to contribute to a team through your strong knowledge of cloud-related information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.

·       Your love of solving complex problems, and comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk using your advanced analytical and critical thinking skills

·       Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development and monitoring of controls

·       Experience performing Risk Assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale system environments (preferably cloud environments but also distributed architectures and/or networks)

·       Knowledge of Industry standards, frameworks and best practices, such as NIST SP800-53, COBIT, SOC1, ISO27001

·       Hands-on experience using standard cloud service provider (CSP) tools and interfaces, as well as exposure to On premises and Database controls

·       Knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS)

·       Understanding of application development, deployment and management patterns, especially DevOps and CI/CD practices in the Cloud is essential

·       Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management

·       Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel to design and assist in the execution of appropriate controls design and monitoring

How Your Work Impacts the Organization

Fidelity Enterprise Risk Management provides oversight and direction to Business Groups in proactively identifying and monitoring risks in order to protect the interests of the firm. To execute this goal, Enterprise Technology Risk is responsible for analyzing, aggregating, and escalating significant risk events impacting the Firm , ensuring effective communication and treatment of risk is carried out in accordance to established programs.

The Expertise we’re Looking For

·       8+ years’ experience in information technology risk, cyber security, controls or audit roles

·       Bachelor’s Degree in Computer Science, Technology, or a related field of study preferred. Experience strongly preferred in cloud-based technologies and related controls.

·       Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.)

·       Professional technology risk certifications (CISSP, CISA, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS, Azure) preferred

·       Experience performing technology risk assessments, control assessments or IT audits

·       Experience or knowledge of cloud-based deployments, DevOps, and associated risk/controls and auditing requirements preferred

Location : Bangalore

Shift timings: 11AM- 8PM