Apply Now    

Corporate - Global Cybersecurity Technology - Audit Manager - Vice President

Req #: 170096367
Location: New York, NY, US
Job Category: Accounting/Finance/Audit/Risk
Job Description:

 

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.

 

The Enterprise Technology group provides global audit coverage for multiple technology organizations within JPMorganChase including Global Technology Infrastructure (GTI), Corporate Technology (CT) and Global Cybersecurity. These businesses deliver a wide range of technology services for the firm globally and partners with all lines of businesses. In addition, they ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally.

 

The Cybersecurity Audit Team is looking for an experienced cybersecurity professional with extensive experience of cybersecurity operations who would like to work in a challenging, hands-on, fast paced environment utilizing their existing core cyber skills while building audit and risk management capabilities. This position is ideal for a seasoned cyber professional who would like to broaden their skills and bridge the gap between deep technical knowledge and senior management engagement, strategy and risk management. The position will partner with team members and auditors in other business areas to develop risk and control assessments through audit activities for leading cyber services and information security technologies. The position is a New York based role reporting to the Cybersecurity Audit Team Lead.

 

Responsibilities:

  • Participate in all aspects of audit activities including risk assessments, planning, testing, evaluation, report creation, documentation, and determining effectiveness of risk mitigation plans across the Global Cybersecurity business
  • Establish strong relationships with senior Global Cybersecurity leadership, related controls groups and business auditors
  • Provide audit coverage of the key controls supporting cybersecurity with specific focus on cybersecurity operations processes
  • Assist in the development and analysis of key metrics to identify trends in cybersecurity
  • Partner with colleagues, stakeholders and control community members to evaluate, test and report on the adequacy and effectiveness of controls in relation to associated cybersecurity risks. This may be achieved through specific audit reviews or direct participation in key cybersecurity projects
  • Share knowledge, techniques and toolsets with colleagues within the team to build proficiency in the Cybersecurity Audit Team
  • Up to approximately 15% travel required
  • 10 or more years of total work experience, with at least 8 years in IT Security, Cybersecurity or Audit and significant hands-on experience within a cybersecurity operations environment
  • Excellent understanding of defense-in-depth principles and network security architecture plus knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
  • Experienced with Technology, IT Risk/Security or Security Audit, IT Forensics, & ITIL (Incident, Problem, Change Management) methodology
  • Experience with general attack stages (e.g. footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
  • Knowledge of information technology (IT) security principles and methods
  • Ability to apply a knowledge of attacker capabilities, intentions, motives, and historical operations/targets
  • Solid and demonstrable comprehension of data protection strategies, network and system vulnerabilities, Security Information and Event Management (SIEM), malware, emerging threats, attacks, and vulnerability management
  • Understanding of system and application security threats and vulnerabilities (e.g. buffer overflow, mobile code, cross-site scripting, SQL injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code) and understanding of source code, hex, binary, regular expressions, etc.
  • Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs) and use of IDS, IPS, and/or other signature matching technology
  • Intermediate knowledge of Linux and Windows operating systems

Preferred Qualifications:

  • Computer Science or related technical degree from an accredited institution
  • Minimum of one relevant professional certification- (CISA, CISSP, CISM, MCSD, GIAC, CCSP or CEH preferred)
  • Working knowledge of global threats to international cyber security, and conversant in the tools, tactics, and procedures used by cyber adversaries
  • A sound understanding of TCP/IP and networking concepts and experience performing in-depth packet analysis
  • One scripting/programming language (e.g. Python, Perl)

People/Communication skills:

  • Enthusiastic, self-motivated, willing to be challenged and take personal responsibility.
  • Ability to communicate effectively with Senior Management
  • Ability to present complex solutions and methods to a general community, effective verbal and written communication skills
  • Ability to build strong partnerships across the technology and business teams and able to multitask and execute audit activities with minimal supervision
  • Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks and demonstrated ability to be reliable and flexible
  • Experience in a fast paced, high stress, support environment and able to follow detailed process and procedure documentation
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Other Information

Apply Using LinkedIn

You can also apply using your LinkedIn® profile. It may save you some time because your information will be automatically transferred into our system. Just click on the LinkedIn logo when you get to the application screen and follow the directions.

Submit an Updated Résumé

During the application process, be sure you have an up-to-date copy of your Résumé, your cover letter and any other documentation you would like to submit.