Participates in operational and integrated audits of data
centers, network and IT infrastructure, firewalls, perimeters, and
mobile security, disaster recovery, change and configuration
management, and incident handling by developing hypotheses on risk
and controls. Provides input to integrated audit plans. Provides
audit and advisory services that enhance business performance,
manage risk, and improve overall customer experience.
Assesses and evaluates controls over enterprise-wide systems,
infrastructure, IT environments, and system development
Collaborates with different levels of management within a
variety of businesses or functions to identify risks and resolve
issues across the global organization.
Completes audits in accordance with industry standards and
Escalates identified issues and proposes viable solutions.
Presents findings to audit management and business leaders.
Prepares audit reports and provides recommendations.
Gains management concurrence and support for recommended control
Maintains relationships with audit customers at appropriate
levels and promotes teamwork and responsibility with engagement
Determines acceptable levels of exposure, implements controls,
and provides ongoing measurement.
Monitors related risk environments in traditional and Agile
Provides consulting support on company initiatives to management
and information technology controls.
Develops and mentors audit staff.
Education and Experience:
Bachelors degree (or foreign education equivalent) in Computer
Science, Business Administration, Engineering, Information
Technology, Information Systems, Information Assurance,
Mathematics, or a closely related field and five (5) years of
experience in the job offered or five (5) years of experience
performing Information Technology (IT) audits, risk assessments,
and cybersecurity control reviews.
Or, alternatively, Masters degree (or foreign education
equivalent) in Computer Science, Business Administration,
Engineering, Information Technology, Information Systems,
Information Assurance, Mathematics, or a closely related field and
three (3) years of experience in the job offered or three (3) years
of experience performing Information Technology (IT) audits, risk
assessments, and cybersecurity control reviews.
Skills and Knowledge:
Candidate must also possess:
Demonstrated Expertise (DE) leading the execution of large-scale
IT audits -- performing risk assessments, and planning, scoping,
testing, and delivering concurrent audits with an emphasis on cyber
security and technology process -- by applying cybersecurity
principles and techniques including, NIST, CIS, and COBIT to
on-premise (Windows, UNIX/Linux, and Mainframe) and internal and
external Cloud (Amazon Web Services, Microsoft Azure AD/B2C, and
Red Hat OpenShift) environments; and containerizing applications,
using Kubernetes and Docker.
DE assessing security and insecure configurations of structured
and unstructured databases -- MySQL, Oracle, DB2 and MongoDB --
against CIS Benchmarks; performing readiness assessments on
Enterprise DataLakes -- Hadoop and Snowflake; performing data
governance, conversions, and quality validations using Informatica
Data Quality; and performing metadata management and data lineage
review using AbInitio.
DE evaluating DevOps Continuous Integration (CI) processes,
using Jenkins, Git, BitBucket, and Artifactory; evaluating DevOps
Continuous Delivery (CD) processes using uDeploy; identifying and
analyzing security vulnerabilities using scanning platforms -
Veracode and SonarQube; reviewing microservice and API
specifications using Swagger; and drafting audit results and
corrective action report presentations for executive
DE designing and documenting internal controls and data
visualization tests, using SAS, ACL, Tableau, and PowerBI;
performing unstructured data analysis using SAS Enterprise Miner;
providing recommendations for improved controls and enhanced
business efficiency; and supporting continuous auditing and
monitoring automation by scripting SQL queries in response to audit
findings and issue tracking.
For full job details and to apply, please visit
https://jobs.fidelity.com/ and search for job number: 2028820.