Senior Manager, IT Audit - 2075041
Company: Fidelity Investments
Location: Westlake, TX
Posted on: April 26, 2023
Job Description:
Conducts audit projects, using Cloud Infrastructure-as-a-Service
(IaaS), Software-as-a-Service (SaaS), virtualization, and DevOps
tools in traditional and Cloud-based environments. Maintains and
adheres to Agile methodologies by contributing to Agile ceremonies
--stand-ups, backlog refinement, sprint planning using Agile
artifacts -- Canvas, Story Map, and Point of View. Executes audit
projects and makes recommendations for security improvement and
enhancement using experiential understanding of application,
infrastructure, cybersecurity controls, and secure application
development (SSDLC) techniques. Provides independent and objective
audit and advisory services that manage risk, improve customer
service, and enhance business performance. Leads professional teams
to execute technical audit projects focused on evaluating the
design and effectiveness of application, infrastructure, and
cybersecurity controls and processes. Assesses the adequacy and
effectiveness of controls, risk management, compliance, and
government processes. Primary Responsibilities: Audits data centers, network and IT infrastructure, firewalls,
Cloud and mobile security, disaster recovery, and change and
configuration management. Leads Agile teams to execute technical audit projects focused on
the evolution of the design and effectiveness of application,
infrastructure, and cybersecurity controls and procedures. Assesses risks and controls associated with internal and
external cybersecurity threats, DevOps, vendor product solutions
and Cloud security, data protection, and access administration. Performs data analysis on potential exposures due to control
weaknesses for management. Collaborates with business, technology, security, legal, and
privacy practitioners to evaluate initiatives that protect employee
and customer privacy. Collaborates with application developers, system architects,
engineers, and security practitioners to perform readiness
assessments of pre-production systems and emerging
technologies. Participates in cross-enterprise audits to identify and address
systemic gaps. Executes audit reviews, communicates issues to management, and
follows-up on corrective actions. Analyzes audit data and summarizes audit findings by applying
strategic and organizational concepts, principles, methods, and
techniques to solve issues and document results. Applies Agile auditing approaches to complete audit reviews. Develops automated tools to evaluate application security and
executes scripts to extract configuration data, roles and
permissions, policies, and Cloud provider information. Drafts audit reports that provide a clear description of
identified issues, related implications on the business or
enterprise, and recommendations to resolve issues. Evaluates risks and controls over enterprise infrastructure,
networks and cybersecurity platforms, system development efforts,
and vulnerabilities. Debates issues to bring the most critical points to the
forefront for decision making. Mentors junior team members. Education and Experience: Bachelors degree (or foreign education equivalent) in Computer
Science, Engineering, Information Technology, Information
Management - MIS Technology Management, Information Systems,
Mathematics, Physics, or a closely related field and five (5) years
of experience in the job offered or five (5) years of experience
performing IT audit, information security, and risk management of
enterprise and financial services applications and IT
infrastructure on premises and in Cloud. Or, alternatively, Masters degree (or foreign education
equivalent) in Computer Science, Engineering, Information
Technology, Information Management - MIS Technology Management,
Information Systems, Mathematics, Physics, or a closely related
field and three (3) year of experience in the job offered or three
(3) year of experience performing IT audit, information security,
and risk management of enterprise and financial services
applications and IT infrastructure on premises and in Cloud. Skills and Knowledge: Candidate must also possess: Demonstrated Expertise (DE) verifying SaaS solutions in the
following areas: integration with current business process,
connectivity between applications and data, integration with
existing systems, security, and logging and monitoring of SaaS
business processes and events. DE auditing internal controls and examining regulatory,
financial, and technology risk within risk and compliance
functions, finance, human resources, real estate, legal,
diversified strategic investments, and charitable and emerging
business incubator initiatives. DE performing IT risk analysis and security assessments of
corporate-wide IT infrastructure; performing Cloud and system
development using cybersecurity principles and techniques -- NIST
CSF; and identifying technical control weaknesses, system
vulnerabilities, and insecure configurations, using Amazon Web
Services (AWS), Docker, API, Oracle DB, and Microsoft SQL
Server. DE verifying the security and efficiency of Secure Software
Development Lifecycle (SSDLC) processes, using DevOps and
vulnerability scanning platforms -- Bitbucket, Jenkins,
Artifactory, and Veracode; and identifying security gaps in
privileged accounts administration, secrets management, and
identity services-- using Active Directory, SAML, and oAuth. For full job details and to apply, please visit
https://jobs.fidelity.com/ and search for job number: 2075041.
Keywords: Fidelity Investments, Dallas , Senior Manager, IT Audit - 2075041 , Finance , Westlake, TX, Texas