Senior Manager, IT Audit - 2075041

Company: Fidelity Investments
Location: Westlake, TX
Posted on: April 26, 2023

Job Description:

Conducts audit projects, using Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), virtualization, and DevOps tools in traditional and Cloud-based environments. Maintains and adheres to Agile methodologies by contributing to Agile ceremonies --stand-ups, backlog refinement, sprint planning using Agile artifacts -- Canvas, Story Map, and Point of View. Executes audit projects and makes recommendations for security improvement and enhancement using experiential understanding of application, infrastructure, cybersecurity controls, and secure application development (SSDLC) techniques. Provides independent and objective audit and advisory services that manage risk, improve customer service, and enhance business performance. Leads professional teams to execute technical audit projects focused on evaluating the design and effectiveness of application, infrastructure, and cybersecurity controls and processes. Assesses the adequacy and effectiveness of controls, risk management, compliance, and government processes.

Primary Responsibilities:

Audits data centers, network and IT infrastructure, firewalls, Cloud and mobile security, disaster recovery, and change and configuration management.

Leads Agile teams to execute technical audit projects focused on the evolution of the design and effectiveness of application, infrastructure, and cybersecurity controls and procedures.

Assesses risks and controls associated with internal and external cybersecurity threats, DevOps, vendor product solutions and Cloud security, data protection, and access administration.

Performs data analysis on potential exposures due to control weaknesses for management.

Collaborates with business, technology, security, legal, and privacy practitioners to evaluate initiatives that protect employee and customer privacy.

Collaborates with application developers, system architects, engineers, and security practitioners to perform readiness assessments of pre-production systems and emerging technologies.

Participates in cross-enterprise audits to identify and address systemic gaps.

Executes audit reviews, communicates issues to management, and follows-up on corrective actions.

Analyzes audit data and summarizes audit findings by applying strategic and organizational concepts, principles, methods, and techniques to solve issues and document results.

Applies Agile auditing approaches to complete audit reviews.

Develops automated tools to evaluate application security and executes scripts to extract configuration data, roles and permissions, policies, and Cloud provider information.

Drafts audit reports that provide a clear description of identified issues, related implications on the business or enterprise, and recommendations to resolve issues.

Evaluates risks and controls over enterprise infrastructure, networks and cybersecurity platforms, system development efforts, and vulnerabilities.

Debates issues to bring the most critical points to the forefront for decision making.

Mentors junior team members.

Education and Experience:

Bachelors degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Management - MIS Technology Management, Information Systems, Mathematics, Physics, or a closely related field and five (5) years of experience in the job offered or five (5) years of experience performing IT audit, information security, and risk management of enterprise and financial services applications and IT infrastructure on premises and in Cloud.

Or, alternatively, Masters degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Management - MIS Technology Management, Information Systems, Mathematics, Physics, or a closely related field and three (3) year of experience in the job offered or three (3) year of experience performing IT audit, information security, and risk management of enterprise and financial services applications and IT infrastructure on premises and in Cloud.

Skills and Knowledge:

Candidate must also possess:

Demonstrated Expertise (DE) verifying SaaS solutions in the following areas: integration with current business process, connectivity between applications and data, integration with existing systems, security, and logging and monitoring of SaaS business processes and events.

DE auditing internal controls and examining regulatory, financial, and technology risk within risk and compliance functions, finance, human resources, real estate, legal, diversified strategic investments, and charitable and emerging business incubator initiatives.

DE performing IT risk analysis and security assessments of corporate-wide IT infrastructure; performing Cloud and system development using cybersecurity principles and techniques -- NIST CSF; and identifying technical control weaknesses, system vulnerabilities, and insecure configurations, using Amazon Web Services (AWS), Docker, API, Oracle DB, and Microsoft SQL Server.

DE verifying the security and efficiency of Secure Software Development Lifecycle (SSDLC) processes, using DevOps and vulnerability scanning platforms -- Bitbucket, Jenkins, Artifactory, and Veracode; and identifying security gaps in privileged accounts administration, secrets management, and identity services-- using Active Directory, SAML, and oAuth.

For full job details and to apply, please visit https://jobs.fidelity.com/ and search for job number: 2075041.

Keywords: Fidelity Investments, Dallas , Senior Manager, IT Audit - 2075041 , Finance , Westlake, TX, Texas