IT Audit Manager - 2022990
Company: Fidelity Investments
Location: Boston, MA
Posted on: May 7, 2021
Job Description:
Plans and performs audit reviews to evaluate high-risk areas and
controls efficiencies associated with internal and external
cybersecurity threats, data and network protection, and
infrastructure, application, and Cloud vulnerabilities.
Communicates emerging issues and key audit results to management
and client stakeholders. Devises solutions for business
improvements and follows up on corrective actions.

Primary Responsibilities:

Audits data centers, network and IT infrastructure, firewalls,
Cloud and mobile security, disaster recovery, and change and
configuration management.

Leads Agile teams to execute technical audit projects focused on
the evolution of the design and effectiveness of application,
infrastructure, and cybersecurity controls and procedures.

Assesses risks and controls associated with internal and
external cybersecurity threats, DevOps and Cloud security, data
protection, and access administration.

Performs data analysis on potential exposures due to control
weaknesses for management.

Collaborates with business, technology, security, legal, and
privacy practitioners to evaluate initiatives that protect employee
and customer privacy.

Collaborates with application developers, system architects,
engineers, and security practitioners to perform readiness
assessments of pre-production systems and emerging
technologies.

Participates in cross-enterprise audits to identify and address
systemic gaps.

Executes audit reviews, communicates issues to management, and
follows up on corrective actions.

Analyzes audit data and summarizes audit findings by applying
strategic and organizational concepts, principles, methods, and
techniques to solve issues and documents results.

Adheres to Agile methodologies by contributing to Agile
ceremonies -- stand-ups, backlog refinement, sprint planning, using
Agile artifacts (Canvas, Story Map, and Point of View).

Applies Agile auditing approaches to complete audit reviews.

Develops automated tools to evaluate application security and
executes scripts to extract configuration data, roles and
permissions, policies, and Cloud provider information.

Drafts audit reports that provide a clear description of
identified issues, related implications on the business or
enterprise, and recommendations to resolve issues.

Evaluates risks and controls over enterprise infrastructure,
networks and cybersecurity platforms, system development efforts,
and vulnerabilities.

Plans, implements, upgrades, or monitors security measures for
the protection of computer networks and information.

Responds to computer security breaches and viruses and shares
relevant threat advisories with the team to raise awareness.

Education and Experience:

Bachelor's degree (or foreign education equivalent) in Computer
Science, Engineering, Information Technology, Information Systems,
Information Assurance, Mathematics, Physics, or a closely related
field and three (3) years of experience in the job offered or three
(3) years of experience performing Information Technology audits,
risk assessments, and cybersecurity control reviews.

Or, alternatively, Master's degree (or foreign education
equivalent) in Computer Science, Engineering, Information
Technology, Information Systems, Information Assurance,
Mathematics, Physics, or a closely related field and one (1) year
of experience in the job offered or one (1) year of experience
performing Information Technology audits, risk assessments, and
cybersecurity control reviews.

Skills and Knowledge:

Candidate must also possess:

Demonstrated Expertise (DE) developing scanning tools and
scripts to identify personally identifiable information (PII) --
security credentials and configurations -- to improve effectiveness
of audits, using Python, PowerShell, and SQL; and performing data
analysis on large datasets, collecting data, and developing
readiness reviews, audit reports, and presentations with
recommended remediation and corrective actions for senior
management, using Microsoft PowerPoint, Visio, and Word.

DE performing IT risk analysis and security assessments of
corporate-wide IT infrastructure, and Cloud and system development
by applying cybersecurity principles and techniques -- NIST CSF;
identifying technical control weaknesses, system vulnerabilities,
and insecure configurations, using Amazon Web Services, Azure,
Docker, Kubernetes, API, Oracle DB, and Microsoft SQL Server.

DE verifying the security and efficiency of Secure Software
Development Lifecycle (SSDLC) processes, using DevOps and
vulnerability scanning platforms -- Bitbucket, Jenkins,
Artifactory, Concourse, Veracode, Guardium VA, and Qualys; and
identifying security gaps in privileged accounts administration,
secrets management, and identity services, using Active Directory,
SAML, and OAuth.

DE auditing internal controls and examining regulatory and
financial risk within asset management services (managed accounts,
global asset allocation for equities, and fixed and high income
securities) and mutual fund operations (fund accounting and money
movement).

For full job details and to apply, please visit
https://jobs.fidelity.com/ and search for job number: 2022990.