Job Description

About the Opportunity Job Type: Permanent Application Deadline: 31 July 2023 Title: Technical Specialist Department: Global Cyber & Information Security Location: Gurgaon/ Bangalore Level: 4 We\'re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this By working together - and supporting each other - all over the world. So, join Global Cyber & Information Security team and feel like you\'re part of something bigger. Department Description The External Security Review team is part of Global Cyber and Information Security (GCIS) department within Technology. The team is responsible for conducting risk assessments on fidelity\'s third parties to ensure that threats associated with supplier\'s corporate environement are highlighted to business stakeholders before/ while they are utilising supplier services. Purpose of the Role The aim of the role is to ensure that Fidelity\'s information within supplier\'s corporate network is safeguarded by appropriate controls inline with industry best practices and standards. Key Responsibilities The role will require close working relationships with business, operations and systems line managers, Information Security Officers in India, Asia, CE and UK, other securtion functions within GCIS, Central and European Oversight, Corporate Communications and HR. Managing Service ownership and end-to-end delivery of conducting periodic cyber security-based risk assessments of Fidelity\'s global list of suppliers in specified domains. Improving supplier\'s security posture by supporting implementation of security controls that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances Fidelity\'s business objectives through process improvement, policy, automation, and the continuous evolution of capabilities. Evaluating risks and developing/reviewing security standards, procedures, and controls to manage risks. Conduct detailed analysis of supplier\'s controls in specific domains based on service. Ex: cloud service infrastructure or business continuity and recovery procedures. Reviewing supporting documentation and performing research on the supplier operations and other relevant information provided or available about the vendor/supplier. Assessment of compliance of vendors against standards/controls, SOC 2, ISO 27001 etc. Highlighting the supplier\'s information security threats to business stakeholders on Fidelity\'s data stored, controlled or processed by the third party. Identify and communicate departmental vendor risk issues and compliance problems that have not been adequately addressed offer reasonable solutions, and assist them with efforts to come into compliance Serve as subject matter expert to provide risk informed decisions on vendor usage and onboarding to business stakeholders. Communicating information security risk in business language by preparing vendor assessment summary or reports which will include an analysis of the controls implemented in vendor\'s corporate environment. Engage with the vendors and Business stakeholders to support risk management activities which includes validation of action plan and remediation of raised issues. Follow up, track, and manage issue remediation as per defined timelines. Establish or maintain escalation and reporting methodologies. Continuously improve customer satisfaction and coverage. Support internal and external audit process for relevant compliance Ensure compliance to Fidelity Information security policies and standards. Communicate issues, solutions and status to team members and senior management on timely manner. Demonstrate innovative and enthusiastic approach towards technology and problem solving. Implementation and Operational knowledge on Compliance and Maturity frameworks on ITGC. Display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. Experience and Qualifications Required Strong knowledge and understanding of information security concepts, risk and security control frameworks such as ISO27001, NIST or CoBIT. Strong understanding of Cloud security controls with proven knowledge through professional certification such as CCSK, CCAK, CCSP, CompTIA Cloud+ etc Knowledge of internal controls, governance, regulatory frameworks and acts such as GDPR, ESMA Cloud outsorcing guidelines, PDPA Singapore, etc. Knowledge of security requirements and implementation of relevant controls for booming new technologies especially cloud. Experience of working on Cyber Security risk management and monitoring platforms such as RSA Archer, RiskRecon, BitSight etc. Experience of reviewing and interpreting vulnerability assessments or penetration tests on applications. 8+ years of professional work experience with at least 4 years of relevant experience of working in Cyber Security and Technology Risk domain. Ability to multi-task and prioritise workload with a keen attention to detail. Understanding or experience of working on cyber security assessment platform. Excellent PC and MS Office skills, especially MS Excel, V-Lookups and macros. SharePoint experience is desirable. Resilient, energetic and enthusiastic able to work under pressure. Commitment to high standards of excellence and integrity. Able to build strong relationships with peers, control owners and key stakeholders. Excellent verbal and written communicator, who can consistently deliver high quality work and engage and influence key stakeholders at all levels. Individual would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement. Added advantage to have professional certifications like ISO 27001, Comptia+, CISA, CISSP, CCSP etc Feel rewarded For starters, we\'ll offer you a comprehensive benefits package. We\'ll value your wellbeing and support your development. And we\'ll be as flexible as we can about where and when you work - finding a balance that works for all of us. It\'s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

foundit