Principal Technology Risk Analyst

  • Competitive
  • Merrimack, NH, USA
  • Permanent, Full time
  • Fidelity Investments
  • 18 Jan 2018

The Asset Management Technology (AMT) organization provides global technology solutions and a scalable infrastructure to the investment advisor community in a manner that helps advance their business objectives. The Technology Risk Management (TRM) team within Asset Management Technology is responsible for identifying, measuring, and mitigating risks and managing technology controls within the Asset Management group.

The TRM team is looking for a Principal Technology Risk Analyst to contribute to the Technology Risk program activities. This role will involve working with all levels of management in Asset Management Technology, IT product and application teams, Risk and Information Security peers to protect critical Asset Management data and infrastructure and help mitigate risk across our critical business and infrastructure applications.

The Expertise We're Looking For

  • BS degree in Information Technology or a related field (Advanced degree preferred)
  • Six or more years of experience in Technology Risk and Controls, Information Security or IT Audit
  • Related experience in program or project management, and financial services
  • Previous experience working with varied technology teams to understand a broad variety of platforms and applications
  • Experience performing Technology risk assessments, Control assessments or IT Audits
  • Relevant certifications preferred (CISSP, CISA, CISM, CCSP, etc.)

The Purpose of Your Role

The Principal Technology Risk Analyst role will assist in the enhancement and maintenance of the Risk & Controls Assurance program activities for TRM. The role will assist in the execution of risk assessments and analysis, provide ongoing controls consulting and perform controls testing of IT controls to meet internal assurance and external audit requirements. The role will also support the tracking and remediation of audit issues and assist with other strategic risk programs such as Information Barriers and Cloud migrations.

The Skills You Bring

  • Technology Risk and Controls, Information Security or IT Audit experience in a large, complex environment
  • Demonstrated program or project management experience
  • Strong written and interpersonal communication skills
  • Knowledge of Technology environment (network, application, platform and database technologies), Information Security, and Infrastructure related processes and controls
  • Knowledge of Industry standards, frameworks and best practices, such as NIST SP800-53, COBIT, SOC1, ISO27001
  • Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages is preferred
  • Knowledge of Cloud security and controls is preferred
  • Ability to effectively communicate and collaborate across various organizations, functions and Business partners
  • Work well independently and with teams ranging from small groups to enterprise teams

The Value You Deliver

  • Conduct Risk assessments and Risk analysis for identification of top risks and generation of Risk heat maps and dashboards
  • Manage IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements.
  • Develop/maintain control and test procedure documentation, perform controls testing and validate evidence based on established test schedules.
  • Assist with Cloud controls framework, validation of controls and perform readiness assessments for migration of applications to the Cloud environment
  • Provide support for the tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.
  • Assist with the implementation and administration of the controls functionality within the GRC tool/Open Pages.
  • Provide support for the Information Barriers program between FMR and other Fidelity entities

How Your Work Impacts the Organization

The Technology Risk Management (TRM) team is responsible for identifying, measuring, and mitigating technology risks within the Asset Management group and managing technology controls to protect Asset Management's platforms, applications, and data.

Company Overview

At Fidelity, we are focused on making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. For information about working at Fidelity, visit

Fidelity Investments is an equal opportunity employer.