Principal Technology Risk Analyst - Program & Regulatory Assurance
Listed on 2026-07-13
-
IT/Tech
Cybersecurity, IT Consultant, Information Security, Data Security
Job Title: Principal Technology Risk Analyst
Note: Fidelity will not provide immigration sponsorship for this position.
The RoleThe Enterprise Technology Risk group is seeking a passionate, driven and experienced professional to contribute to the Technology Risk Program and Regulatory Assurance CoE team. This role is responsible for performing regulatory and program management responsibilities, including designing and maintaining technology controls to support program and regulatory requirements. This role will require networking and relationship‑management skills to collaborate with the Controls Testing team, and various business units and risk teams across the enterprise.
You will be working on:
- Ensuring risk and control taxonomy aligns with enterprise standards
- Developing and monitoring technology controls for security and compliance
- Providing technical support and acting as liaison for technology risk management
- Managing control updates, annual mapping, and testing requirements
- Designing, documenting, and maintaining Risk and Control Matrices (RCMs/RACMs) across business and IT processes
- Continuously improving and standardizing control documentation and governance practices
- Partnering with the Control Testing team to track progress and remediation
- Representing ETRA in enterprise control initiatives and special projects
- Supporting regulatory activities, risk assessments, and examinations
- Leading and supporting SOX 404 compliance, including control documentation
- Reviewing SOC reports, assessing CUECs, and communicating control gaps
The Technology Risk Program and Regulatory Assurance team manages controls to support program requirements, monitors the results of control testing to meet mandating obligations, and ensures a consistent risk and control taxonomy is applied in accordance with enterprise best practices. The team works closely with Corporate Audit, Enterprise Compliance, Security, and Operational Risk to protect the interests of customers, employees, and the Fidelity brand.
TheExpertise and Skills You Bring
- 5–7 years’ experience in information technology risk, controls, or audit roles
- Bachelor’s degree in computer science, technology, or a related field (preferred)
- Professional technology and risk certifications such as CISSP, CISA, CRISC, CISM, CRE, CFE, or cloud certifications (CCSP, CCSK, AWS) preferred
- Experience documenting controls for large‑scale financial service organizations (cloud, distributed, vendor solutions, mainframe, network environments, and AI)
- Strong technical expertise in areas including infrastructure and application controls, cyber security, access management, network and cloud, and resiliency
- Working knowledge of cloud security and controls in AWS, Azure, SaaS, and PaaS environments
- Comprehensive understanding of information technology processes and controls, and risk, quality control and assurance functions
- Analytical and critical thinking skills with a passion for solving complex problems in ambiguous situations
- Ability to build and maintain collaborative working relationships with IT and business personnel to design effective controls
- Process orientation and operational understanding to support analysis, development, and monitoring of controls
- Knowledge of industry standards, regulations, frameworks and best practices such as NIST SP 800‑53, COBIT, AICPA Trust Principles, ISO 27001, SWIFT, HITRUST, and SOX 404 (preferred)
- ISO 9001 and/or ISO 27001 certification preferred, with responsibility to support and participate in ISO peer audit reviews
- Knowledge of Governance, Risk, and Compliance (GRC) tools such as Archer (preferred)
- Excellent verbal and written communication skills to prepare and present recommendations to senior management
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).