Job title: Information Security Senior Technical Analyst – TPF
Company: Fidelity International
Job description: About the opportunity
Department Description
The Global Cyber & Information Security (GCIS) function operates enterprise security services and controls that are designed to mitigate Cyber and Information Security risks, enabling the business to operate securely. Technical Cybersecurity teams monitor the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Information Security Officers are aligned to business channels and Fidelity regions as appropriate, to ensure the Fidelity Information Security standards are embedded and risks are managed.
Team & Role Description
The Information Security function at Fidelity International is part of the Global Cyber & Information Security (GCIS) group, reporting to the Head of Global Cyber & Information Security. The function includes the Information Security Office and Information Security Management. The Information Security function works with business partners and channels to balance their strategies with reducing risk to the organization, supporting those partners to manage data risk within the firm’s risk appetite.
The Information Security function acts as the business engagement point, providing a bridge between business, technology, and Cybersecurity. The Information Security function takes in business requirements, but also delivers back key control requirements and supports the business in achieving the required control targets and behaviors.
Your Role:
The Information Security Technical Senior Analyst is primarily responsible for supporting the Information Security function in managing the information security management system effectively within Fidelity through its policies and standards. As the role requires active engagement with stakeholders across technology and the business, the candidate will utilise their strong communication skills in conjunction with their ability to understand risk, controls, and governance within the organisation. In addition, the candidate will provide regular consultancy and advice on industry best practice, taking into account new technologies, regulations, and corporate requirements, to support the continual improvement of the policy and standard suite in line with our technology policy framework.
Key Responsibilities
- Support the development and evaluation of Information Security Policy framework that includes policies, standards, technical standards, processes, and guidelines.
- Ensure completeness and accuracy of key information security Policies and Standards per industry benchmarks (ISO, NIST, CIS, etc.)
- Participate in the design, implementation and training on the GRC tool supporting ISMS activities.
- Support and maintain oversight to ensure all information security Policies, Standards, Procedures, and Guidelines comply with the applicable regulatory requirements, local laws and chosen industry standards.
- Develop, implement, and evaluate guidance, processes, policies, and controls to ensure Fidelity data is structured and secured appropriately.
- Contribute to the definition, development, and oversight of a global information security GRC framework.
- Drive process improvements by devising metrics to assist management decisions.
- Communicate with all levels of the business and technical teams to gain consensus on information security risk and compliance requirements, including analysing business processes and development of process improvement plans.
- Contribute towards a unified security model. Execute innovative ways to reduce security risk based on principles, and build our common framework, methodology and tools to support risk remediation.
- Support risk assessments and control self-assessments, BIAs, internal assessments and automated checks of compliance with different areas of information security Policies and Standards.
- Ensure any material security risks to the business are communicated in a timely and effective manner, in line with the security policies and control requirements.
- Provide education, awareness and alignment of ongoing ISMS compliance obligations.
- Work with the Information Security Officers on different security projects that address identified risks and business security requirements.
- Work closely with colleagues in India, UK, Continental Europe, and Asia to plan and deliver security programs
Experience Required
- 4+ years’ experience in Information Security in a large organization, preferably Financial Services, with good know-how of:
  - Risk advisory & GRC oversight
  - Senior management communications
  - Metrics (GRC Reporting)
  - Risk Management tools
  - Management of Information Security Policies, Procedures and Controls
- Detailed working experience on developing information security policies, standards, controls, and frameworks
- Experience of working in an ISO 27001 accredited organization
- Working knowledge of industry security frameworks including ISO 27001, NIST Cybersecurity Framework, PCI DSS, COBIT, CIS Controls.
- Ability to collaborate with SMEs and technical know-how to drive improvements and updates in the policy framework.
- Knowledge of cloud technologies and cloud security is desired; familiarity with public cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure is desirable.
- General understanding of IT security principles relating to maintaining a secure environment by using various technologies including networking products, VPN, access control, firewalls, intrusion detection systems, and application security methodologies.
- Well versed in Risk Management principles, including the 3 lines of defense
- Ability to plan, organize, coordinate and work well under pressure without supervision
- This role requires liaison with senior people both within the organization and externally. The candidate will be required to be professional, confident, confidential, and discreet
- An eye for detail with the ability to produce accurate, well-structured reports according to deadlines
- Innovative and a team worker
- Excellent PC skills, especially Office 365.
- Skills required:
  - Strong communication
  - Team working
  - Strategic thinking with broad business knowledge of the financial or technology industry
  - Data analytics skills
Desirable qualifications
- Related graduate degree
- Certified ISO 27001 lead implementer or auditor
- Certified Information Systems Auditor
- Certified Information Systems Security Professional
About you
About Fidelity International
Fidelity International offers investment solutions and services and retirement expertise to more than 2.56 million customers globally. As a privately-held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 locations and with $783.6 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.
Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.
Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond.
We are committed to being a truly flexible employer, encouraging and trusting our people to perform their role in the way that works best for them, our business, our colleagues and our clients. We offer the maximum possible flexibility over where and when you work for all, considering your role and any local regulations. We call this new approach “dynamic working”.
Find out more about what we do, our history, our new approach of “dynamic working” and how you could be a part of our future at
Applying to this Job Role: Please note you are only required to upload your CV/Resume to the application screen.
Expected salary:
Location: Gurgaon, Haryana
Job date: Sun, 17 Jul 2022 03:43:45 GMT