Fidelity National Financial

Overview

Fidelity National Financial, Inc. (NYSE:FNF) is a leading provider of title insurance and transaction services to the real estate and mortgage industries. FNF is the nation's largest title insurance company through its title insurance underwriters - Fidelity National Title, Chicago Title, Commonwealth Land Title, Alamo Title and National Title of New York - that collectively issue more title insurance policies than any other title company in the United States. More information about FNF can be found at fnf.com.

Duties

• Develop, manage and sustain a formalized Cloud Security Program that encompasses security design; assessment, data protection and loss prevention, identity and access management, visibility and monitoring, tooling, governance and resilience.
• Partner with ISO teammates to implement processes and technologies that reduce cloud security deficiencies, and help develop creative reporting mechanisms including metrics/key themes that communicate risk to business owners and leadership.
• Participate in development and implementation of security design & architecture principles and standards.
• Identify security requirements to embed into the CI/CD pipeline.
• Develop security related user stories and product specific threat models to embed into platforms related products.
• Participate in the development and communication of cloud security Standards and Training.
• Build and sustain good working relationships with development and infrastructure teams, and involve them in the overall application and cloud Security Technology strategy.
• Work with and influence business contacts in regards to technology controls, risk mitigation techniques related to application and cloud security.
• Participate in defining secure cloud design and deployment, secure configuration practices, and leveraging appropriate technology solutions, controls and practices as needed.
• Conduct research to identify new attack vectors facing applications and cloud services. Serve as a core team member of the Security Architecture team.
• Develop technical security requirements for the business, and see them through the development lifecycle. Collaborate with business contacts to ensure 3rd party cloud applications comply with our standards, controls, policies and principles.
• Participate in driving data protection strategies and standards that support application and cloud security.
• Provide attentive security consulting including design, reviews and recommendations for various IT projects and initiatives.
• Develop processes that assist management in identifying and remediating application and cloud security issues.
• Work with business leaders across the firm and its subsidiaries to integrate their systems, applications, and databases into the centralized systems ensuring adherence to Security Controls, Policies and Standards with a focus on automation and control
• Work closely with Software and Infrastructure Architects to propose solutions and provide strategic technical direction across the team
• Oversee adherence to applicable Security Controls, Policies, and Standards
• Partner with business owners and technology groups to synchronize plans to remediate gaps
• Creates and implements plans and procedures to mitigate impact from cyber-attack.
• Reviews and approves proposed solution design for adherence to information security principles and standards. Makes security-related technical design recommendations.
• Determines business specific security requirements by evaluating business strategies and requirements; researching information security standards; evaluating information security standards specific to the mortgage servicing industry; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform.

Education

• BS/MS in Computer Science or Business with emphasis in IT or equivalent
• Relevant cyber security certifications, such as CISSP, CISM, are optional, but highly desired

Experience

• 8-10 years of experience in various security and technology domains
• Experience in modern cloud development and delivery platforms such as Microsoft Azure and Amazon AWS.
• Experience in developing security architecture solutions for financial environments is a major plus
• Experience developing and delivering security requirements into Agile developed projects and work streams with external dependencies.
• Subject matter expertise in cloud service provider security
• Must demonstrate a keen understanding of security as a business enabler

Additional Information

Must have excellent verbal, written, and presentation communication skills, strong interpersonal skills and the ability to work effectively across project teams.