Cloud/DevOps Risk Analyst

Job Description:

Cloud/DevOps Risk Analyst, Cloud/DevOps Center of Excellence

Enterprise Technology Risk (ETRA) is seeking a passionate, driven, and experienced professional to join our Cloud/DevOps Center of Excellence. You will help manage ETRA's relationship with Fidelity Architecture and Engineering (FAE) and will work closely with the various ETRA BU tech risk teams with several aspects of proactive risk and control assessments, monitoring technology controls and overseeing remediation plans. These include controls and risks related to cloud platforms and various other solutions supported or provided by FAE. You will also provide appropriate risk and controls consulting on cloud and emerging technologies activities, and engage with FAE teams, Internal Audit and External Audit teams. You will help enhance and manage the core program activities, including executing the technology risk strategy and program, and working with Technology, Operations and Risk teams to holistically manage risk.

• Bachelor's degree in computer science, technology, or a related field of study
• At least 3 years' experience in information technology risk, controls, or audit roles with a large focus on cloud risk assessments.
• Experience in assessing cloud platform implementations, CI/CD pipelines, ITGC testing.
• Experience in analyzing end-to-end processes, while taking a data-driven approach to decision-making, with the ability to measure, collect, and leverage data effectively.
• Strong exposure to technology operations, analysis, development, and monitoring of controls
• Excellent communication and presentation skills to build rapport with partners, stakeholders, and to influence key decision makers to prioritize the remediation of cloud-based deployments/DevOps associated risks.
• Knowledge of Industry standards, frameworks, and best practices, such as NIST SP800-53, COBIT, SOC1, ISO27001 is preferred
• Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages is preferred
• Knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS)
• Understanding of application development, deployment, and management patterns, especially DevOps and CI/CD practices in the Cloud is preferred
• Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management
• Professional technology risk certifications (CISSP, CISA, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred

• Assessing the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation
• Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed
• Conducting in-depth information technology risk assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
• Assist with developing and monitoring controls related to Cloud and Emerging Technologies and to meet applicable security, audit, regulatory requirements
• Provide technical assistance on risk related systems issues, and serve as a liaison for technology risk management
• Determining appropriate KPIs/KRIs for IT risk monitoring
• Understanding and consulting on information security standards and industry best practices
• Manage IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation and performing IT Controls Testing to meet internal assurance and external audit requirements.
• Liaison with Internal and External audit teams, tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.