Job Description

About the Opportunity Job Type: Permanent

Contract duration : 5 months.



Title: Senior Technical Analyst

Department: Global Cyber & Information Security

Location: Gurgaon, India

Reports To: Technical Consultant

We're proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our Global Cyber & Information Security team and feel like you're part of something bigger.

Department Description

The Information Security & Technology Risk department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.

Information Security & Technology Risk (ISTR) is responsible for:

• IT Security: Protecting the Technology Environment from internal and external security threats,

• Application Security (through secure coding practices, penetration testing, and developer training)
• Centralised Access Management - working to principles of least privilege, access appropriate to role, and Role Based Access Control
• Security Assurance & Compliance
• Vulnerability Management
• Security Engineering and Architecture
• Security Application Support
• Cyber Defence Operations
• Information Security Risk Management
• Technology Risk and Audit Management,
• Technology Service Continuity

Purpose of your role

The global IT Security group consists of Identity & Access Management, Assurance & Compliance, Vulnerability Management Application Security, Cyber Defense Operations (CDO), and Security Application Support & Engineering, and is present across various locations - UK, Dublin, India, and Asia-Pacific.

Address vulnerabilities found through remediation recommendations, Information Vulnerability Alerts and Information Vulnerability Bulletins. Performs risk analysis and facilitates risk discussions for cross functional teams. Provides consultative services to a broad range of internal business leaders on risk and IT security to determine current and target risk levels. Assist with developing remediation plans. Monitor progress of agreed upon remediation plans. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.

Key Responsibilities

• Elevate - capability

• Define, update, publicize and ensure adherence to the VM policies & standards
• Conduct open source research to identify and analyze known and unknown vulnerabilities
• Continuously expand and rationalize the vulnerability scan coverage.
• Deliver - efficiently

• Triage, prioritize Identify and draft mitigation guidance for vulnerabilities
• Triage publicly disclosed vulnerabilities of vendor software/hardware products
• Develop remediation plan along with platform and application teams and monitor progress of agreed plans.
• Analyze known issues with vendor fixes and contact vendor for defined and attainable solution
• Consult to range of internal business leaders on risk and IT security to determine current and target risk levels.
• Engage - productively

• Work with platform / application teams at regular basis to increase sensitivity for addressing vulnerabilities
• Work proactively with IT Infrastructure partners with respect to strategic and tactical plans
• Communicate with Subject Matter Experts to determine expected impact and likelihood of loss events
• Produce reports and dashboards that are easy to understand and identify actions.

Experience and Qualifications Required

Must Have:

• Knowledge in computer network theory, Network data flows, ports, IT standards and protocols. Understanding of lifecycle of cyberspace threats, attack vectors, and exploitation methods, OWASP
• Bachelor's degree in Computer Sciences or related field or equivalent experience.
• 5+ years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience
• Hands on experience with security technologies, including vulnerability scanning tools (i.e. Qualys, Nessus, Nexpose, InsightVM etc.)
• Tactically guide the Vulnerability Management (VM) Plan, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.
• Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to workstations, servers, storage, databases, appliances, web applications and network devices

Good to have:

• Excellent communication skills and problem-solving ability
• Certification and such as CISSP, CRISC, CISM, CEH

Feel rewarded

For starters, we'll offer you a comprehensive benefits package. We'll value your wellbeing and support your development. And we'll be as flexible as we can about where and when you work - finding a balance that works for all of us. It's all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.