Principal Cybersecurity Consultant

Position Description:

Identifies complex risk to systems, networks, and enterprises based on threat, operations, risk, and cyber program capabilities. Supports business units in identifying cybersecurity risk in terms of risk to compliance and operations. Examines the organization's security needs and performs complex gap analyses. Assists external auditors in analyzing specifics of organization's internal controls. Develops and defines security requirements and operational procedures to ensure compliance with the security framework. Uses business knowledge to translate the vision for divisional initiatives into business solutions. 

Primary Responsibilities:

• Reviews controls performance, vulnerability management status, and operational data.
• Reviews reporting related to scans for weaknesses and vulnerabilities in deployed technologies.
• Reviews and audits code to detect software flaws.
• Conducts technology risk reviews as requested by program owners.
• Supports incident investigation resulting in the analysis of risk management methods.
• Develops, proposes, designs, and modifies updates to operational solutions within security
• Responsible for meeting project goals on time and on budget.
• Establishes full project life cycle plans for complex projects across multiple platforms.
• Performs business risk assessments and certification standard reviews.
• Interprets and applies systems testing principles, methods, and tools.
• Advises senior management on technical strategy.
• Performs repeated systems testing events at a systems level across multiple platforms and with an increasing complexity.
• Develops security architecture and engineering recommendations based on identified risk.
• Implements the appropriate tools and methods to protect company systems and information.
• Applies appropriate security documentation in the development of the findings and mitigation.
• Recommends courses of action based on risk within security management.
• Develops business cases that justify information security architecture initiatives.
• Recommends applications and tools to improve system integrity.
• Designs documentation and procedures for performing functions within security management.
• Plans, implements, upgrades, or monitors security measures for the protection of computer

networks and information.

• Ensures appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
• Mentors junior team members.

Education and Experience:

Bachelor's degree (or foreign education equivalent) in Computer Science, Engineering, Information

Technology, Information Systems, Information Security, or a closely related field and five (5) years of experience as a Principal Cybersecurity Consultant performing technical analysis to assess and recommend cybersecurity controls that prevent, detect, and mitigate associate access lifecycle risks within a financial services environment, using Arrow and MyAccess.

Or, alternatively, Master's degree (or foreign education equivalent) in Computer Science, Engineering,

Information Technology, Information Systems, Information Security, or a closely related field and three (3) years of experience as a Principal Cybersecurity Consultant performing technical analysis to assess and recommend cybersecurity controls that prevent, detect, and mitigate associate access lifecycle risks within a financial services environment, using Arrow and MyAccess.

Skills and Knowledge:

Candidate must also possess:

• Demonstrated Expertise ("DE") performing application security attestation for newly onboarding applications with Identify and Access Management (IAM) integrations and complex data provisioning across Windows, Unix, and AS400 in an Agile framework using IAM assurance tools within a Financial Services industry (Asset Management (AM)).
• DE supporting and managing the global associate access lifecycle -- termination, transfers, and hire; and designing and providing recommendations for Toxic Combination Access protocols --external business partners -- using Arrow authorization tool and the MyAccess approval workflow/provisioning tool.
• DE analyzing information security risks, providing risk mitigation, and user permission protocols consultation across database platforms by writing SQL queries in Oracle OBIEE and MS Access using IAM assurance tools in an investment trading environment (AM).
• DE conducting technology assessments of application and infrastructure vulnerabilities for current and emerging technologies used to develop, deploy, and support (AM) business applications and infrastructure systems; and analyzing AM business priorities and providing technical direction to business unit technology and Enterprise Cybersecurity program leaders to ensure the business operates securely within on-premise environments in an investment trading organization (AM).

#PE1M2

#LI-DNI

Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.