Information Security and Technology Risk Manager

Luxembourg Office

Fidelity International

Fidelity International offers investment solutions and retirement expertise to institutions, individuals and their advisers around the world.


About the Opportunity

Job Type: Permanent

Application Deadline: 31 March 2025

Title: Information Security and Technology Risk Manager

Department: Global Risk/Luxembourg Risk Team

Location: Luxembourg

Reports To: Director Investment Risk Luxembourg

Level: Level 6 - Senior Manager

We’re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our Luxembourg Risk team and feel like you’re part of something bigger.

About your team :

Global Risk:

The Global Risk team in Fidelity covers the management oversight of Fidelity’s risk profile including key risk frameworks, policies and procedures and oversight and challenge processes. The team partners with the businesses to ensure Fidelity manages its risk profile within defined risk appetite. The Global Risk function covers all facets of risk management including investment, operational, enterprise, sustainability, model and information security and technology risk.

Luxembourg Risk:

The Luxembourg Risk team fits within the Global Risk function and is responsible for the framework/governance, management of all aspects of risk including market risk, fund liquidity risk, sustainability, fund counterparty/credit risk and information security and technology risk for the local legal entities. 

About your role :

The primary function of this role is to support the local Head of Risk Management in the ongoing oversight and monitoring of information security, cybersecurity and technology failure risks within the local legal entities. You will bring your extensive industry experience to this role, providing strategic thinking, thoughtful insights and balance on technology and cyber risks to contribute to senior management decision making, including providing boards and oversight committees with updates and insights. As part of the Global Risk team, you will partner and work closely with all other risk and technology teams within FIL and contribute as an SME to senior colleagues.

Your responsibilities include: 

  • As owner of local information security, cybersecurity and technology failure risk policies, you will conduct a full review and ensure alignment to FIL Global and local regulatory policies.
  • You will work closely with Risk and Procurement colleagues to ensure the technology vendor strategy aligns with corporate policy.
  • Building on a robust policy basis, you will work closely with all technology teams to drive compliance with regulations, and grant exceptions / waivers / risk acceptances where appropriate, while staying within the Global Risk appetite.
  • Working with Technology Compliance, you will support horizon scanning of new regulations and define minimum control requirements for technology policies.
  • You will develop effective assurance mechanisms for technology failure, information security and cybersecurity risk policies by engaging with the owners of procedures and standards, ensuring relevant KRIs are embedded in technology BAU activities.
  • You will provide risk management oversight of IT outsourcing, ensuring effective management in accordance with Fidelity’s Luxembourg and Group risk management framework and within Group Risk Appetite. This will form an integral part of the delivery of Global Risk’s value proposition and will seek to embed an exceptional risk management culture within the business.
  • You will closely partner with Technology teams and support their day-to-day risk management activities. This will include, but is not limited to, assisting with Risk and Control Self-Assessments, proactively identifying issues and ensuring these are logged, and supporting stakeholders with the management of security risk events where appropriate.
  • Maintaining strong working relationships with Audit and Compliance teams to compare and contrast risk themes and trends, ensuring that the Risk, Compliance and Audit oversight functions are as closely aligned as possible.
  • Promoting awareness of ICT risks within the entities by conducting local ICT risk training and preparing regular or ad hoc senior management reporting.

About you :

  • The successful candidate has significant experience working in an Information Security, Cybersecurity or Technology risk function within a financial services firm, including IT risk management (IT, Vendor Management etc.), and ideally a proven track record in technology regulatory compliance within financial services.
  • You must have significant knowledge of EU/Luxembourg regulatory requirements (e.g. CSSF, DORA) and be able to translate them into impacts to local entities.
  • You will be required to identify potential risks and vulnerabilities related to information security and technology regulatory compliance, propose mitigation strategies and oversee the implementation thereof.
  • In addition, you will be required to conduct impact assessments, including assessing the impact of regulatory changes and identifying current state regulatory gaps across the local legal entities.
  • The successful candidate should have strong stakeholder engagement and communication skills, with the ability to engage with internal and external stakeholders, including the regulators, to address regulatory inquiries, provide necessary information and explain risk succinctly and in non-technical terms.
  • You must additionally have the ability to promote and to inspire others on risk topics and to increase the overall awareness of information security and technology risks across the organisation.
  • The candidate would preferably have a CISSP or equivalent security certification, with other security management certifications such as CISM and C|CISO being an advantage.

Feel rewarded :

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.
