Director, Cybersecurity Risk

Job Description:

Note: Fidelity will not provide immigration sponsorship for this position

The Role

The Enterprise Cybersecurity Risk (ECS Cyber Risk) team is seeking an experienced Director-level risk professional to lead in the creation of cyber risk analyses pertaining to ECS. The candidate will understand current and emerging cybersecurity risks and determine key risk scenarios for the ECS Product Areas. The candidate will hold Product Area risk / threat modeling sessions to prioritize top risks (Quarterly). The candidate will advise on backlog prioritization based on risk (Quarterly). The candidate will advise on both exceptions and audit finding risk levels to drive down the number of exceptions and accurately risk rate audit findings. The candidate will quantify cyber risk and present analyses that will allow senior management to make informed decisions based on resulting risk data.

The Expertise and Skills You Bring

• Minimum 5-7 years of risk experience quantifying cyber risk scenarios and presenting data in a meaningful and insightful way to senior leaders.
• Demonstrated experience in cybersecurity risk management.
• Experience managing projects end-to-end, from initial stages of acquiring data from multiple sources and SMEs, to the tracking, maintenance, and closure of a project, with proven ability to integrate data into risk analysis tools and communicate progress effectively across multiple lines and levels.
• Advanced understanding of NIST 800-53 Cybersecurity Framework and FAIR
• CISSP, CCSP, OpenFAIR certifications preferred.
• You have effective communication and excellent presentation skills to senior leaders.
• You can deep dive into metrics that will both (1) quantify the work being done and (2) quantify how cyber risk position has improved.
• Critical thinking skills to ask detailed questions and fully vet answers to uncover discrepancies and gaps others may not have found is a must.
• You can work across business lines to influence, motivate change and help mitigate cyber risk.
• You have an advanced understanding of risks pertaining to the following: cloud security, access controls, encryption, vendor security, data exfiltration, application security, perimeter security, customer protection, privileged access, denial of service, unpatched vulnerabilities, and end of life software.
• You operate in a fast-paced environment and can complete analyses quickly and accurately integrating new cybersecurity data into risk models as it emerges.
• Mathematical/statistic mindset
• You bring an investigator approach to deep dive into metrics to understand and communicate actionable risk to senior leadership.
• Providing data input into the ECS Heat Map Team
• Working with Product Area/Squad leaders to drive lasting security decisions which will substantially mitigate Fidelity's cyber risk.
• Evaluating multiple sources, reports, industry trends to compare risk related findings to existing ECS policies and uncover gaps and opportunities for process improvement.
• Determining what, who, and where changes are warranted to close gaps, working with appropriate contacts to draft policy enhancement ensuring continued progress.

The base salary range for this position is $126,000-255,000 USD per year.
Placement in the range will vary based on job responsibilities and scope, geographic location, candidate's relevant experience, and other factors.

Base salary is only part of the total compensation package. Depending on the position and eligibility requirements, the offer package may also include bonus or other variable compensation.


We offer a wide range of benefits to meet your evolving needs and help you live your best life at work and at home. These benefits include comprehensive health care coverage and emotional well-being support, market-leading retirement, generous paid time off and parental leave, charitable giving employee match program, and educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career. Note, the application window closes when the position is filled or unposted.

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

Certifications:

Category:

Information Technology