Director - Technology Risk Controls CoE

Fidelity•Merrimack, NH

1d•Hybrid

About The Position

Do you want to join a team focused on developing Next-Gen capabilities in Technology Risk? The Enterprise Technology Risk group is seeking a passionate, driven and experienced professional to lead the Technology Risk Controls CoE team . This role is responsible for overseeing control management and control testing activities, including test execution, reporting, and control design and optimization. This strategic role will require strategic networking and relationship management skills to collaborate with various business units and risk teams, as well as a strong strategic mindset to develop and execute a control testing automation strategy. Additionally, keeping the team motivated and on track to meet program testing commitments is critical. Additional responsibilities include: Providing technical direction and professional guidance to Technology Risk associates that fosters individual growth and development as well as team and organizational deliverables Evaluating control maturity by performing control design and operating effectiveness reviews and reviewing associate output as needed Conducting in-depth control assessments, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation Assist with developing and monitoring technology controls to meet applicable security, audit, and regulatory requirements Provide technical assistance on risk related systems issues, and serve as a liaison for technology risk management Determining appropriate KPIs/KRIs for IT controls monitoring Managing IT Controls program activities; this includes managing the Controls Inventory, control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements. Developing an IT Controls automation strategy, and monitoring implementation progress

Requirements

8-10 years’ experience in information technology risk, controls, or audit roles
Prior experience in team management and leadership is preferred
Bachelor’s degree in computer science, technology, or a related field of study preferred
Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
Experience performing control assessments or implementing controls for large scale financial service organizations (cloud, distributed, vendor solutions, mainframe, and network environments)
Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.)
Working knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS, PaaS)
You have a strong knowledge of information technology processes and controls, and a comprehensive understanding of risk, quality control and assurance functions
Your love of solving complex problems, and comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk using your advanced analytical and critical thinking skills
Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel to design and assist in the execution of appropriate controls design and monitoring
Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development and monitoring of controls
Knowledge of Industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, SWIFT, HITRUST is preferred
Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer is preferred
Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management

Nice To Haves

Prior experience in team management and leadership is preferred
Bachelor’s degree in computer science, technology, or a related field of study preferred
Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
Knowledge of Industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, SWIFT, HITRUST is preferred
Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer is preferred

Responsibilities

Overseeing control management and control testing activities, including test execution, reporting, and control design and optimization
Strategic networking and relationship management skills to collaborate with various business units and risk teams
Develop and execute a control testing automation strategy
Keeping the team motivated and on track to meet program testing commitments
Providing technical direction and professional guidance to Technology Risk associates that fosters individual growth and development as well as team and organizational deliverables
Evaluating control maturity by performing control design and operating effectiveness reviews and reviewing associate output as needed
Conducting in-depth control assessments, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
Assist with developing and monitoring technology controls to meet applicable security, audit, and regulatory requirements
Provide technical assistance on risk related systems issues, and serve as a liaison for technology risk management
Determining appropriate KPIs/KRIs for IT controls monitoring
Managing IT Controls program activities; this includes managing the Controls Inventory, control documentation, and performing IT Controls Testing to meet internal assurance and external audit requirements.
Developing an IT Controls automation strategy, and monitoring implementation progress