Senior Cybersecurity Analyst 100 New Millennium Way, Bldg 2, Durham NC

Job Description: Note: Fidelity will not provide immigration sponsorship for this position As a Senior Cybersecurity Analyst, you will play a critical role in managing vendor-related cybersecurity incidents and driving risk mitigation strategies across the enterprise. You will lead efforts to monitor, assess, and respond to vendor security events, while coordinating reporting initiatives and collaborating with internal stakeholders. This role requires a strong understanding of third-party risk, incident response, and vendor lifecycle management. The responsibilities of this team include: • Monitor and assess changing vendor risk profiles between review cycles and take appropriate action • Coordinate with internal teams and external vendors to ensure timely and effective incident response • Develop and deliver reporting packages in collaboration with ECS Product Lines and other stakeholders • Apply cybersecurity principles to evaluate vendor controls and risk posture • Document investigations, procedures, and analysis thoroughly and accurately • Present findings and recommendations to technical and non-technical audiences The Expertise You Have and The Skills You Bring • 6+ years of experience in cybersecurity analysis, testing, or project management • Bachelor’s degree in information technology, Cybersecurity, or related field • Strong understanding of incident response lifecycle and vendor risk management • Proficiency in Microsoft Excel (pivot tables, charts, VLOOKUP) and large dataset analysis • Experience with vulnerability management and remediation practices • Familiarity with vendor lifecycle, contract terms, SLAs, and third-party risk domains • Effective communication skills for coordinating across internal teams and external vendors • Ability to remain calm and focused during high-pressure situations • Strong attention to detail and ability to manage multiple priorities • Comfortable presenting information both live and in written formats • Background in NIST and ISO/IEC 27001 frameworks and best practices • Understanding of access management, network protocols, and SDLC • Familiarity with industry regulations (e.g., GDPR, HIPAA, etc.) • Ability to ask critical questions to identify root causes and develop strategic solutions • Experience working on time-sensitive projects with competing priorities • Deep understanding of third-party risks: cybersecurity, operational, financial, reputational The Team The Enterprise Cybersecurity (ECS) Vendor Security Team oversees the firm’s Vendor Security Program, including SaaS and third-party vendors. Through the Vendor Technology Review (VTR) program, the team assesses controls and ensures alignment with internal security standards. Certifications: Category: Information Technology Most roles at Fidelity are Hybrid, requiring associates to work onsite every other week (all business days, M-F) in a Fidelity office. This does not apply to Remote or fully Onsite roles. Please be advised that Fidelity’s business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories. Apply tot his job