Information Security Analyst

2 weeks ago


Toronto, Canada Fidelity Investments Full time

Job Description

Current work authorization for Canada is required for all openings.

You will be working on a Hybrid office schedule as part of Fidelity’s dynamic working arrangement.

At Fidelity, we’ve been helping Canadian investors build better financial futures for over 35 years. We offer individuals and institutions a range of trusted investment portfolios and services - and we’re constantly seeking to find new and better ways to help our clients. As a privately owned company, we boldly embrace innovation in all areas as we continue to grow our business into the future.

Working with us means you’ll be part of a diverse and dedicated group of people who make a real difference for our clients and communities every day. You’ll have a wide range of opportunities to grow and develop your career in an inclusive environment where you’ll feel valued and supported to be your best - both personally and professionally.

Business Overview:
The Information Security Analyst supports the risk mitigation efforts of the Information Security group primarily through the technical support of the procedures and policies established to safeguard information assets.

What You Will Do:
1. Ensure the development life cycle complies with the information security policy requirements on secure coding and secure access controls.
- No overdue SCR/PEN test findings without valid exception
- Meet compliance deadlines (Patching/Upgrades, Anti-virus/Anti-spyware).
- Meet or exceed required verified level (DLP Program).

2. Test for compliance with security policies and procedures. May assist in the creation, implementation, and/or management of security solutions.
- Participate in projects, reviews, and meetings, and provide guidance and feedback on security policies and issues.
- Implement and support compliance directives based on risk scores (NIST).

3. Ensure the information security policy requirements are communicated and taken into account by internal Infrastructure & development teams as well as third party vendors.
- Meet or exceed required verified level (Monthly CISO Scorecard).
- Meet or exceed required verified level (Monthly Nexpose scans).
- Analyze Nexpose findings, weeding out false positives, validating criticality of vulnerability and producing reporting to assist in tracking and remediation.
- Develop and maintain scripts for automation of various IT audits and processes.

6. Assist with assessment and integration of cloud vendors and SaaS from an Information Security requirements perspective.
- Maintain knowledge of cloud security and integration best practices.
- Participate in cloud/SaaS projects and provide security expertise and implementation requirements.
- Maintain data integrity in Fidelity’s asset registry.

8. Conduct External Security Reviews on Fidelity vendors who have access to confidential information or perform critical functions.
- Conduct External Security Reviews (ESR) to identify risks with critical vendors.
- Create ESR report and conduct remediation activities with the vendor.
- Review and provide input on vendor contracts and security schedules.

9. Assist in monitoring Fidelity’s Data Loss Prevention (DLP) tool and conduct investigations.
- Monitor DLP queue, triage incidents and conduct DLP investigations.
- Escalate privacy breaches and HR issues as required.

10. Assist in conducting Security Training & Awareness.
- Provide security and awareness content to ISO’s security site.
- Participate in Cyber Awareness week.
- Meet with BU groups to discuss security policy and best practices.

11. Provide assistance for Disaster Recovery (DR) team including support of DR tests.
- Attend and support DR tests in support of FCAM, FCC and FIC DR tests.

The Expertise You Bring:

- 2-5 years of relevant experience in financial services industry
- Knowledge of SDLC methodologies and tools. Development background is highly desirable
- Knowledge of secure access modeling, threat modeling, digital security methodologies and deployments, and security architecture
- Understanding of Cloud Security and capabilities of Amazon, Microsoft Azure etc.
- Understanding of industry audit standards, i.e. SSAE-16, FFIEC, and PCI-DSS
- Strong interpersonal skills like being a team player and effective collaborator with many different types of audiences
- Independent problem-solving and self-directing abilities
- Self-driven and flexible with high motivation
- Ability to multitask and handle multiple projects
- Ability to practice tolerance and professionalism in times of high stress
- Strong presentation and written skills
- Nice to have: knowledge of Fortify, Veracode, Checkmarx, AppScan, ServiceNow
- Bachelor's in Information Technology, Computer Science or a related discipline
- Nice to have: CISSP and Cloud Security certification

Some of the ways we’ll help you feel valued and supported as part of our team:

- Flexible working arrangements - 100% remote, hybrid, and in office options. This job is H


