This site uses cookies. To find out more, see our Cookies Policy

Cybersecurity Risk Consultant/ Policy Writer in Cary, NC at Veritude

Date Posted: 3/8/2018

Job Snapshot

Job Description

Veritude is looking for a Cybersecuity Risk Consultant at Fidelity Investments.  This position is based in Durham, NC.

Tech Writer of Security Policies and Standards  


The Enterprise Cybersecurity (ECS) Policy team has an opportunity for someone who aspires to semi-technical forms of writing, understands technology, and possesses strong analytical and communication skills.  ECS is transforming Fidelity’s focus on security and has a supporting roadmap to continuously update our security policies, standards, and controls to ensure we’re leading the charge in staying ahead of the evolving threats against our firm.

We’re looking for a driven, talented writer with a proven track record of success to help us scale the efficiency and effectiveness of our publishing team. This is your opportunity to get involved at the grass roots level with Cybersecurity.  In this role you’ll significantly raise your understanding of security policy, controls, and many of our solutions used in mitigating Fidelity’s risk.   Consider this role as your first step in opening your career to other exciting Cybersecurity opportunities as you build your skills with us.

The position is located in North Carolina.

Primary Responsibilities

  • Provide support to the Enterprise Cybersecurity Policy Program.  Assist in the development, modification, socialization and promulgation of Cybersecurity Policy.
  • Facilitate program/project objectives by contributing to tactical and strategic Business Unit goals
  • Provide planning and documentation support for policy, processes and procedures
  • Lead policy working groups consisting of ISO delegates, functional representatives, SMEs for policy updates
  • Maintain awareness of Fidelity operational changes, best practices, and changes in the regulatory environment
  • Serve as a policy subject matter expert on Cybersecurity within working groups. 
  • Support the development and maintenance of an effective governance program to support current and future policy needs and the role they have in Information Technology and Information Security certification efforts.
  • Review policies against emerging threats, legislative and regulatory changes as well customer expectations
  • Support business requests for policy changes and updates.
    • Support the development of compliance metrics to ensure policies adhere to leadership intent and business priorities
  • Support various programmatic (ECS, FTG/EI) efforts leading to the adoption and execution against new and existing information security policy requirement
  • Work with ECS staff as well as BU partners, FTG/EI and others to develop a coordinated compliance program
  • Research best practices across industry in deploying, operating, and assessing security controls and provide feedback for potential policy and operational program enhancements.

Desired Qualifications

Education and Experience

  • Bachelor's Degree in (MIS, Computer Science, Cyber Security, Information Assurance) or a related field (or equivalent experience)
  • 4+ years of cybersecurity experience (governance experience is a plus)
  • Industry relevant certification (e.g.,CISSP, CISA, CRISC, CISA, CISM, CGEIT)

Skills and Knowledge

  • Experience with conducting needs assessments, requirements gathering, workflow analysis, and agile methodology
  • Working/practical knowledge of Legal, Regulatory, and Industry Cybersecurity requirements and Best Business Practices
  • Broad technical skillset with a minimum working knowledge of securing/implementing; Operating Systems, Databases, Network appliances, DMZ’s, cryptography, and Access Control in a physical and virtual environment.
  • Broad understanding or knowledge of risk management practices and security program development including; change management, access control, and physical security.
  • Thorough insider knowledge of Fidelity and ability to navigate across business units preferred
  • Ability to assess and weigh current and evolving security and privacy risks in an operational environment
  • Be able to manage uncertainty, rapid change, ambiguity, surprises, and a less defined environment.
  • Strong working knowledge of security governance and security controls
  • Solid written and oral communication skills with customers, technical team members, and other technical contributors across the organization
  • Ability to create and deliver compelling presentations (powerpoint) to various organizational levels clearly demonstrating security and business goals