Skills

Leadership Risk Management Research Organization

Job Specifications

Job Description

You will be working on a flexible hybrid schedule as part of Fidelity’s dynamic working arrangement.

Who We Are

At Fidelity, we’ve been helping Canadian investors build better financial futures for over 35 years. We offer individuals and institutions a range of trusted investment portfolios and services - and we’re constantly seeking to find new and better ways to help our clients. As a privately owned company, we boldly embrace innovation in all areas as we continue to grow our business into the future.

Working with us means you’ll be part of a diverse and dedicated group of people who make a real difference for our clients and communities every day. You’ll have a wide range of opportunities to grow and develop your career in an inclusive environment where you’ll feel valued and supported to be your best - both personally and expertly.

What You Will Do

The Cyber Security Risk Director is a leadership position responsible for leading the development of Fidelity Canada’s cyber security risk posture as part of the second line of defense. This role ensures that cyber security risks are effectively identified, assessed, mitigated, and monitored across Fidelity Canada (Fidelity Clearing Canada (FCC), Fidelity Investments Canada (FIC) and Fidelity Canada Institutional Management (FCIM)). The Director will be a certified subject matter expert in cyber security risk who provides strategic advisory support in the development and maintenance of a comprehensive cyber security risk framework and will work closely with key stakeholders to enhance the organization’s resilience against emerging threats.

The Director will collaborate with key stakeholders in Information Security, Enterprise Risk, Technology Risk, and other relevant functional stakeholders across Fidelity Canada, Fidelity International Limited (FIL) and Fidelity Management & Research Company (FMR) to ensure cohesive and effective cyber security risk management. This role is responsible for advancing and safeguarding Fidelity Canada’s reputation and operational effectiveness through the continuous enhancement of its cyber security risk posture.

Key responsibilities include

Oversight and accountability of the cyber security risk framework and methodologies, conducting both planned and ad-hoc technical risk reviews, evaluating technology and business initiatives with cyber security implications
Represent Fidelity Canada on FIL cyber governance committees
Lead the development of Fidelity Canada’s Cyber Risk Oversight Program
Design, implement, and maintain a comprehensive cybersecurity risk oversight program supported by well-defined policies that align with enterprise risk appetite, regulatory requirements, and industry standards
Identify and assess cybersecurity risks and advise business units and Information Security stakeholders on risk issues to ensure awareness and accountability for cybersecurity risks.
Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the risk profile, while ensuring a sound operational control environment through establishment of effective internal controls.
Perform review and challenge of first line of defense cyber risk management processes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and communicate risk opinions at various levels of management.
Advise on remediation strategies of any inconsistencies and gaps identified through independent assessments of key cybersecurity processes.
Provides second line of defense leadership and subject matter expertise during response to major cyber incidents including cyber-security related privacy events and coordinate second line of defense engagement and response.
Develop and provide regular reporting to senior management committees across Fidelity .
Responsible for ownership of relationships with external cyber security risk experts
Ensure all activities and deliverables achieve their timeliness, quality, and accuracy service levels.

What We Are Looking For

Completed University Degree or equivalent work experience
7+ years of related work experience, in which a subset is practical experience in multiple areas of cyber risk and 5+ years of experience at the management level
Experience with developing and implementing cybersecurity risk oversight programs in the financial services sector, preferably in a 2nd or 3rd line of defense
Knowledge of current and evolving regulatory requirements, current trends in cyber threats/vulnerabilities
Advanced knowledge of cyber risk management best practices and how to implement them
Experience with risk frameworks and standards such as NIST CSF and ISO 27001
Experience in Cybersecurity risk consulting in the financial services sector, Cyber security audit or in a similar second line of defense role is an asset
Proficiency with the COBIT risk framework is considered advantageous
Professional Certifications in Cy

About the Company

At Fidelity Canada, we've been committed to helping Canadian investors build better financial futures for over 35 years. We offer individuals and institutions a range of trusted investment portfolios and services - and we're constantly striving to find new and better ways to help our clients. Fidelity Canada is part of a broader group of companies, collectively known as "Fidelity Investments", one of the world's largest providers of financial services. We employ over 1,600 full-time employees in offices across the count... Know more