Principal Technology Risk Analyst - Program & Regulatory Assurance
Fidelity Investments · Merrimack, NH · 1 wk ago
On-siteFinanceFull-time
Responsibilities
- Ensuring risk and control taxonomy aligns with enterprise standards
- Developing and monitoring technology controls for security and compliance
- Providing technical support and acting as liaison for technology risk management
- Managing control updates, annual mapping, and testing requirements
- Designing, documenting, and maintaining Risk and Control Matrices (RCMs/RACMs) across business and IT processes
- Continuously improving and standardizing control documentation and governance practices
- Overseeing control certification process
- Partnering with Control Testing team to track progress and remediation
- Representing ETRA in enterprise control initiatives and special projects
- Supporting regulatory activities, risk assessments, and examinations
- Leading and supporting SOX 404 compliance, including control documentation
- Reviewing SOC reports, assessing CUECs, and communicating control gaps
Requirements
- 5 - 7 years’ experience in information technology risk, controls, or audit roles
- Bachelor’s degree in computer science, technology, or a related field of study preferred
- Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
- Experience documenting controls for large scale financial service organizations (cloud, distributed, vendor solutions, mainframe, network environments, and AI)
- Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.)
- Working knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS, PaaS)
Skills
- A strong knowledge of information technology processes and controls, and a comprehensive understanding of risk, quality control and assurance functions
- Able to solve complex problems, comfortable with ambiguous situations, and able to help mitigate risk using advanced analytical and critical thinking skills
- Able to build and maintain collaborative working relationships with Information Technology and Business personnel to design effective controls
- A process orientation and understanding of operations and technology enabling support in the analysis, development, and monitoring of controls
- Knowledge of Industry standards, regulations, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, SWIFT, HITRUST, and SOX404
- Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer
- Excellent verbal and written communication skills enabling preparation and presentation of recommendations to senior management