About the opportunity
Department Description
The global cybersecurity & Information security (GCIS) department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, and marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.
Global cybersecurity & Information security (GCIS) is responsible for:
Cyber Security: Protecting the Technology Environment from internal and external security threats,
Application Security (through secure coding practices, penetration testing, and developer training)
Centralised Access Management – working to principles of least privilege, access appropriate to role, and Role Based Access Control Security Assurance & Compliance
Infrastructure Security
Vulnerability Management
Security Engineering and Architecture
IAM Product – working on engineering, supporting & implementing new IAM solutions providing security controls in products like Identity governance & administration, Privileged access management, PKI and Enterprise directory services.
Cyber Defence Operations
Purpose of your role
The global IT Security group consists of Identity & Access Management, Assurance & Compliance, Vulnerability Management Application Security, Cyber Defence Operations (CDO), and Security Application Support & Engineering, and is present across various locations - UK, Dublin, India, and Asia-Pacific.
The role will be an individual contributor in Vulnerability Management team. The individual will address vulnerabilities found through remediation recommendations, Vulnerability Alerts and Vulnerability Bulletins. Performs risk analysis and facilitates risk discussions for cross functional teams. Provides consultative services to a broad range of internal business leaders on risk and IT security to determine current and target risk levels. Assist with developing remediation plans. Monitor progress of agreed upon remediation plans. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
Key accountabilities
Elevate - capabilityDefine, update, publicize and ensure adherence to the VM policies & standards
Conduct open source research to identify and analyze known and unknown vulnerabilities
Continuously expand and rationalize the vulnerability scan coverage.
Deliver - efficientlyTriage, prioritize Identify and draft mitigation guidance for vulnerabilities
Triage publicly disclosed vulnerabilities of vendor software/hardware products
Develop remediation plan along with platform and application teams and monitor progress of agreed plans.
Analyze known issues with vendor fixes and contact vendor for defined and attainable solution
Consult to range of internal business leaders on risk and IT security to determine current and target risk levels.
Engage - productivelyWork with platform / application teams at regular basis to increase sensitivity for addressing vulnerabilities
Work proactively with IT Infrastructure partners with respect to strategic and tactical plans
Communicate with Subject Matter Experts to determine expected impact and likelihood of loss events
Produce reports and dashboards that are easy to understand and identify actions.
Skills and experience
Must Have
Knowledge in computer network theory, Network data flows, ports, IT standards and protocols. Understanding of lifecycle of cyberspace threats, attack vectors, OWASP and exploitation methods.
Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE and Open Web Application Security Project (OWASP) processes and remediation recommendations.
Bachelor’s degree in Computer Sciences or related field or equivalent experience.
5+ years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience.
Hands on experience with security technologies, including vulnerability scanning tools (i.e. Nexpose, InsightVM etc.).
Tactically guide the Vulnerability Management (VM) Plan, to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.
Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to workstations, servers, storage, databases, appliances, web applications and network devices.
Provide reporting and analysis and follow up.
Provide vulnerability analysis and produce reports for management.
Experience in defining endpoint, network device & server hardening best practices.
Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities.
Prepare and maintain technical documentation of VM program including requirements, architecture designs, network topology, applications and application security designs.
Collaborate on and provide VM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities.
Good to have:
Excellent communication skills and problem-solving ability
Certification such as CISSP, CRISC, CISM, CEH
About you
About Fidelity International
Fidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 countries and with $739.9 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.
Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.
Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.
As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 31 March 2021. Read more at https://www.fidelityinternational.com/
Applying to this Job Role: Please note you are only required to upload your CV/Resume to the application screen.
