JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Global Cybersecurity ensures the security and resiliency of the Firm’s computing environment, enabling it to protect customer and employee confidential information, and comply with regulatory and audit requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high-quality security solutions and services that are focused on improving the Firm's risk posture.
Within Global Cybersecurity, the Governance, Risk & Control team seeks a Technology Control Officer (VP) to provide comprehensive risk and control oversight for the Global Cybersecurity product covering Network, Email, Middleware and Database technologies.
Roles and Responsibilities
• Facilitate pre-implementation control design reviews (‘secure from the start’) and pre-audit readiness exercises
• Manage the creation and maintenance of Policies, Standards and Procedures to keep them evergreen and ensure alignment with industry leading practices and regulatory requirements. Lead working groups to proactively enhance Network, Email, Middleware and Database Security standards and procedures
• Assist in development and execution of Risk and Control Self Assessments (RCSA) to assess the design adequacy and operational effectiveness of controls to mitigate cybersecurity risks and conformity to standards, regulatory and compliance requirements
• Demonstrate proficiency in supporting end-to-end Issue Management throughout its full lifecycle including identification, creation, tracking and closure to ensure compliance with JPMC Policies and Standards
• Leveraging data analytics, conduct trend analysis to identify thematic issues, determine root causes, and design sustainable solutions to avoid issue recurrence
• Proactively manage relationships with stakeholders through effective communication, including interactions with EDs and MDs on a regular basis
• Assist in the design of compensating controls where control deficiencies are noted and/or desired residual risk levels have not been achieved
• Bachelor’s degree in computer science, information systems or related field
• 10+ years of overall IT experience, ideally in communications, middleware, messaging and database technologies including experience in the Financial Services and Cybersecurity or related fields
• Demonstrated ability to author standards and procedures
• Understanding of software development practices and Agile development methodologies
• Understanding of data protection technologies such as encryption, authentication and loss prevention
• Knowledge of what constitutes a cybersecurity attack and the relationship to both threats and vulnerabilities along with the ability to identify systemic security issues
• Keeps technical skills current, able to contribute to in-depth analysis of vulnerabilities, threats, designs, procedures and architectural design with focus on recommendations for enhancements or remediation
• Knowledge of controls associated with the key infrastructure capabilities, such as but not limited to:
o Network perimeters and firewall security configuration
o Hardened build standards and compliance
o Real-time visibility into endpoints such as appliances and wireless devices
o Remote and local network access management
o Standard operational process
o Application data protection controls for the four technology areas
• Outstanding verbal, interpersonal and written communication and presentation skills, including demonstrated ability to interact with both technical and non-technical stakeholders
• Analytical aptitude; strong organizational and time management skills; ability to manage multiple and conflicting priorities in a global organization, and to adapt in a fast-paced environment
• Ability to develop and maintain strong partnerships with key stakeholders, and to work across diverse businesses and regions, balancing the needs of multiple organizations
• Familiarity with industry-recognized frameworks (e.g., COBIT, FFIEC CAT, NIST CSF)
• Relevant professional certification (e.g., CISSP, CISA, CRISC) or willingness to pursue