DLP / Insider Risk Manager - Snr Technical Consultant

Job Description

About the opportunity Department Description The Global Cyber & Information Security function is a part of the Global Technology department. The Global Technology Group function provides IT services to the Fidelity International business. These includethe development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operateon a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. Global Cyber & Information Security is made up of the following functions. Application Security Centralised Access Management InfrastructureSecurity Security Engineering and Architecture Security Application Support Cyber Defence Operations (CDO) Information Security (and the ISO function) Page Break The Cyber Defence Operations function at Fidelity International is part of the Global Cyber &Information Security (GCIS) Group, reporting to the Head of Global Cyber & Information Security. Our mission is to develop an intelligence-led, proactive cyber security response to defend Fidelity and its assets from cyber threats, to reduce risk and businessimpact. We adopt an assumed breach position using multiple in-depth capabilities for protection, detection and response along with established playbooks to enable rapid response when an event occurs. Purpose of your role The successful candidate will beexperienced in leading and developing the Data Loss Prevention (DLP) capability across multiple channels and technologies. The role will also require you to expand and explore the wider Insider Risk capabilities in the market to broaden coverage and improveintelligence and accuracy of event detection and prevention. You will manage a globally distributed team and be responsible for developing and shaping its future. This is a critical role in which you will be expected to build and maintain relationships withkey stakeholders across the organisation (technology and business operations) to help shape and mature our Insider Risk security strategy. The successful candidate will be comfortable working with stakeholders at all levels, performing comprehensive assessmentsof controls and able to implement the agreed improvements. You will also be supported by a strong security leadership team who are keen to drive capabilities in this space forward, underpinned by appropriate investment in security tooling. Our leadership teamand the business aligned Information Security Officers (ISO) will be working closely with you to continually identify how we protect our critical assets to make sure we continue to provide a secure service to our clients. Key Responsibilities Manage the CyberDefence Insider Risk Team Delivery against Cyber Defence and GCIS and the business strategy Build and develop sustainable solutions using automation where possible Work with global stakeholders to continually identify information that requires protection,this includes ISOs, 1st & 2nd Risk and Data Protection. Develop and improve the DLP / Insider Risk strategy to continually improve our capability in this area Implement said strategy Create continuous improvement loops with other security teams includingdetect and response and Detection Engineering and Automation. Working with our providers create new and innovative methods to identify improvements and simplifications of controls. e.g through automation or tool optimisation. Manage our DLP supplier relationshipsOwn the creation and improvement process for reporting this includes KPIs and KRIs Experience and Qualifications Experience and strong understanding of data loss prevention technologies and capabilities Competent in a scripting language, preferably Python.Experience creating or continually improving a Data loss / Insider Risk program Strong reporting ability, with an understanding on how to tailor reports to different audiences. Comprehensive understanding of data protection, information, and cyber securityFamiliarity with automation technologies Experience in cloud environments would be desirable Strong communication skills with evidence of being in a position responsible for communicating technical issues to non-technical users; such as formal stakeholderengagement/communications Banking or Finance industry related experience desirable CISSP or equivalent security certification preferred Experience and Qualifications Required Soft skills Analytical skills Challenge the current processes Passion for the cybersecurityfield Time management Able to organize others Your skills and experience At least 5 years of experience in technical security engineering Knowledge of or experience working with security tooling (DLP, SIEM, SOAR) Experience explaining the risk of securitythreats and creating mitigations. Experience of general IT infrastructure technologies and principles. Ability to automate tasks using scripting on both Windows and Linux systems. Programming experience (PowerShell, Bash, Python, JavaScript) Nice to have Experiencedealing with security incidents using the NIST framework. Experience using data science or advance analytical tools to inform decisions. Nice to Have Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP About you About Fidelity InternationalFidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term.Operating in more than 25 countries and with $739.9 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals. Our Workplace & PersonalFinancial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest$567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures. Our clients come from all walks of life and so do we. We are proudof our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more. As a flexible employer, we trust our people to perform their role in theway that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the