Senior Technology Risk Analyst - Controls CoE

Job Description:

The Role

Are you passionate about strengthening technology controls and influencing risk outcomes at enterprise scale? Do you thrive in complex environments where your judgment and expertise directly support audit, regulatory, and certification objectives? As a Senior Technology Risk Analyst, you will play a critical role in shaping how Fidelity evaluates and strengthens technology risk management across the organization. This role offers the opportunity to lead impactful testing efforts, collaborate with senior stakeholders, and continuously improve how we manage technology risk.

Core responsibilities include:

• Leading and executing technology risk and controls testing activities supporting audit, regulatory, and certification requirements
• Assessing control design and operating effectiveness across complex, distributed, cloud, and vendor‑hosted environments
• Partnering with technology, risk, and audit teams to identifying, analyzing, and escalating control gaps and emerging risks
• Applying advanced risk judgment and analytical thinking to solving complex control and risk challenges
• Contributing to improving testing methodologies, automation approaches, and documentation quality
• Providing guidance and informal mentorship to less experienced analysts while supporting broader testing workstreams

The Expertise and Skills You Bring

You bring strong experience in technology risk, controls, or audit functions within complex organizations, along with the ability to independently evaluate control effectiveness and navigate ambiguity. You have a solid foundation in technology risk frameworks and testing methodologies and are comfortable partnering with senior stakeholders across technology, audit, and compliance. You communicate clearly, apply sound professional judgment, and leverage data and analytics to drive meaningful insights.

• Bachelor’s degree in computer science, technology, or a related field (Master’s degree preferred)
• 5 or more years of experience in technology risk, IT, cybersecurity, cloud, analytics, or audit roles
• Experience performing control assessments and evaluating control maturity across diverse technology environments
• Working knowledge of industry frameworks such as NIST, COBIT, AICPA Trust Services Criteria, ISO 27001, HITRUST, or similar
• Familiarity with cloud security models (AWS, Azure, SaaS, PaaS) and GRC platforms such as Archer (preferred)
• Professional certifications such as CISA, CISSP, CRISC, or CISM (nice to have, not required)

Note: Fidelity will not provide immigration sponsorship for this position.

The Team

We are part of Fidelity’s Enterprise Technology Risk organization, embedded within the broader Legal, Risk, and Compliance function. Our Technology Risk Controls Testing team exists to provide independent, objective assurance over the effectiveness of technology controls protecting our clients, employees, and brand. We work closely with Corporate Audit, Enterprise Compliance, Information Security, Operational Risk, and technology and business partners across Fidelity.

Our team is built on collaboration, accountability, and a relentless commitment to risk excellence. We value diverse perspectives, continuous learning, and strong partnerships that help Fidelity remain resilient in an evolving technology landscape. We are committed to fostering an inclusive culture where our people are empowered to grow, contribute, and make a meaningful impact.

Certifications:

Category:

Information Technology

Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.