IT Audit Manager - 2022990

Company: Fidelity Investments
Location: Boston, MA
Posted on: May 7, 2021

Job Description:

Plans and performs audit reviews to evaluate high risk areas and controls efficiencies associated with internal and external cybersecurity threats, data and network protection, and infrastructure, application, and Cloud vulnerabilities. Communicates emerging issues and key audit results to management and client stakeholders. Devises solutions for business improvements and follows-up on corrective actions.

Primary Responsibilities:

Audits data centers, network and IT infrastructure, firewalls, Cloud and mobile security, disaster recovery, and change and configuration management.

Leads Agile teams to execute technical audit projects focused on the evolution of the design and effectiveness of application, infrastructure, and cybersecurity controls and procedures.

Assesses risks and controls associated with internal and external cybersecurity threats, DevOps and Cloud security, data protection, and access administration.

Performs data analysis on potential exposures due to control weaknesses for management.

Collaborates with business, technology, security, legal, and privacy practitioners to evaluate initiatives that protect employee and customer privacy.

Collaborates with application developers, system architects, engineers, and security practitioners to perform readiness assessments of pre-production systems and emerging technologies.

Participates in cross-enterprise audits to identify and address systemic gaps.

Executes audit reviews, communicates issues to management, and follows-up on corrective actions.

Analyzes audit data and summarizes audit findings by applying strategic and organizational concepts, principles, methods, and techniques to solve issues and documents results.

Adheres to Agile methodologies by contributing to Agile ceremonies --stand-ups, backlog refinement, sprint planning, using Agile artifacts (Canvas, Story Map, and Point of View).

Applies Agile auditing approaches to complete audit reviews.

Develops automated tools to evaluate application security and executes scripts to extract configuration data, roles and permissions, policies, and Cloud provider information.

Drafts audit reports that provide a clear description of identified issues, related implications on the business or enterprise, and recommendations to resolve issues.

Evaluates risks and controls over enterprise infrastructure, networks and cybersecurity platforms, system development efforts, and vulnerabilities.

Plans, implements, upgrades, or monitors security measures for the protection of computer networks and information.

Responds to computer security breaches and viruses and shares relevant threat advisories with the team to raise awareness.

Education and Experience:

Bachelors degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Information Assurance, Mathematics, Physics, or a closely related field and three (3) years of experience in the job offered or three (3) years of experience performing Information Technology audits, risk assessments, and cybersecurity control reviews.

Or, alternatively, Masters degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Information Assurance, Mathematics, Physics, or a closely related field and one (1) year of experience in the job offered or one (1) year of experience performing Information Technology audits, risk assessments, and cybersecurity control reviews.

Skills and Knowledge:

Candidate must also possess:

Demonstrated Expertise (DE) developing scanning tools and scripts to identify personal identifiable information (PII) -- security credentials and configurations -- to improve effectiveness of audits, using Python, PowerShell, and SQL; and performing data analysis on large datasets, collecting data, and developing readiness reviews, audit reports, and presentations with recommended remediation and corrective actions for senior management, using Microsoft PowerPoint, Visio, and Word.

DE performing IT risk analysis and security assessments of corporate-wide IT infrastructure, and Cloud and system development by applying cybersecurity principles and techniques -- NIST CSF; identifying technical control weaknesses, system vulnerabilities, and insecure configurations, using Amazon Web Services, Azure, Docker, Kubernetes, API, Oracle DB, and Microsoft SQL Server.

DE verifying the security and efficiency of Secure Software Development Lifecycle (SSDLC) processes, using DevOps and vulnerability scanning platforms -- Bitbucket, Jenkins, Artifactory, Concourse, Veracode, Guardium VA, and Qualys; and identifying security gaps in privileged accounts administration, secrets management, and identity services, using Active Directory, SAML, and oAuth.

DE auditing internal controls and examining regulatory and financial risk within asset management services (managed accounts, global asset allocation for equities, and fixed and high income securities) and mutual fund operations (fund accounting and money movement).

For full job details and to apply, please visit https://jobs.fidelity.com/ and search for job number: 2022990.

Keywords: Fidelity Investments, Cambridge , IT Audit Manager - 2022990, Finance , Boston, MA, Massachusetts