Cybersecurity Vulnerability Management Lead
Req #: 170038199
Job Category: Technology
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Global Cybersecurity Officers protect the firm's people, clients and information assets - ensuring the safety and soundness of the firm's business operations
• Cybersecurity personnel provide subject matter expertise, thought leadership, guidance, best practice and support across all business and technology groups firm-wide as it relates to the security of JMPC, it’s products, processes and technology
• The Cybersecurity team drives value creation by accelerating business and technology opportunities and leads proactive, intelligence-driven operations that quickly meet and stop adversaries and build a foundational fortress for business operations in any environment
• Advanced level Cybersecurity professionals are able to participate in senior level discussions on concepts, principles and issues as well as the application and implication of changes to processes, policies and procedures with perspective as they relate to Cybersecurity
• Additionally, professional is able to lead intelligent analysis and actions that stop adversaries and ensure the firm's safety.
Within Global Cybersecurity, the Governance, Risk & Control team seeks a Cybersecurity Vulnerability Management Lead (VP), responsible to support the Head of Cybersecurity Governance by acting as the day-to-day owner for Cybersecurity Policies, Standards and Procedures with respect to Vulnerability Management. Working within the broader JPMC Technology Risk Management framework, manage Governance Functions related to Vulnerability Risk Management for Cybersecurity.
Roles and Responsibilities
Manage the evolution of cybersecurity standards for a select set of Cybersecurity tools and techniques on both internal and external hosting environments. Activities include [but are not limited to]:
• Ensure that all controls related to Vulnerability Management are demonstrable and sustainable, identify issues and support action plans to strengthen Vulnerability Management control effectiveness
• Lead working groups of business stakeholders to proactively enhance Vulnerability Management standards in conjunction with the Firmwide Cybersecurity Program and Vulnerability Management Product and Capability Roadmaps
• Proactively manage relationships with stakeholders through effective communication, including interactions with EDs and MDs on a regular basis
• Ensure stability and resiliency of Cybersecurity products and services related to Vulnerability Management
• Employ defense-in-depth principles along the kill chain to eliminate risk and vulnerabilities and improve security controls
• As a member of the Governance, contribute to team goals and objectives
• Interface with and support the work of the Cybersecurity GRC Risk and Control teams, and contribute to overall Cybersecurity GRC goals and objectives
• Bachelors’ degree in computer science, information systems or related field; advanced degree preferred
• 8+ years of overall IT experience preferred.
• 7+ years of technology experience, ideally including experience in the Financial Services and Cybersecurity or related fields.
• Certified Information Security Auditor (CISA) or willingness to pursue.
• Strong working knowledge of operations practices in the context of Cybersecurity
• Knowledge of what constitutes a cybersecurity attack and the relationship to both threats and vulnerabilities along with the ability to identify systemic security issues
• Keeps technical skills current, able to contribute to in-depth analysis of vulnerabilities, threats, designs, procedures and architectural design with focus on recommendations for enhancements or remediation.
• Ability to develop and maintain strong partnerships with key stakeholders, and to work across diverse businesses and regions, balancing the needs of multiple organizations.
• Effective negotiation and influencing skills.
• Ability to both learn from colleagues and think outside the box.