Our Information Security professionals are passionate aboutinformation security and control solutions for computing environments. Whilemanaging a world-class team of technology experts, you'll partner with one ormore disciplines, lines of business, regions or locations to respond toevolving business requirements and emerging threats. You'll also leverage yourexpert knowledge of today's ever-changing cybersecurity and risk landscape toinfluence IT operations across the firm. Responsibilities include offeringguidance, best practices and support across businesses, leading risk reviewsand vulnerability assessments, identifying threats, communicating with seniorleaders and other stakeholders, and managing budgets.
As an Information Security Manager (ISM), the primaryresponsibility is to support the Core and Hosting Infrastructure Platforms(CHIP) Risk and Control function. You will play an important role in securely enablingthe Core and Hosting Infrastructure Platforms (CHIP) strategy, managing therisk profile, and aligning cyber security and technology controls requirementsand product capabilities. The Information Security Manager (ISM) isresponsible for coordinating the organization, framework, program, and approachfor the JPMC security architecture, policies, standards, risk assessments,monitoring, and certification around technology. This role engagesin areas of development, design, and monitoring of corporate and global controlprograms, and acts as a liaison between management, the Lines of Business,internal and external audit, and regulators.
Investigation, analysis, documentation, remediation, tracking, and reporting of technology risks and associated controls
Ensure existing and new solutions are designed to be continuously compliant with JPMC policies and standards, as well as the GTI Core and Hosting Infrastructure Platforms operating environment
Collaborate with team members and stakeholders on firm-mandated, cross-LOB, and regional audits
Provide strategic drive for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques
Proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps
Provide leadership and advice on material remediation activities ensuring appropriate resolution of issues, action plans, breaks, and remedies and support the closure verification process
Aid in training and spreading technology risk and control awareness within the organization
Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis
Maintain an understanding of the Core and Hosting Infrastructure Platforms strategies, roadmaps and programs
Manage the risk profile of aligned products, and translate risks into functional requirements, non-functional requirements and constraints together with the LOB business partners, Cyber Architecture and Product Management teams
Ensure that all pertinent Information Risk and Control regulatory requirements and applicable JPMC policies are understood by LOB business partners, technologists, and the Information Security Management function team members, and that these policies are implemented and monitored successfully
Work with technology teams to walkthrough, gather control design requirements facilitate discussions and bring to closure control issues
Lead the efforts to create and manage agile process for controls related assessment, and build automation/self service capabilities for analysis, reporting and reusing of information to address control issues
Communicate issues and evaluate issues/findings and best practices with the rest of the team and management
Effectively create, maintain and communicate operational metrics and status of control related initiatives and issues
This role requires a wide variety of strengths and capabilities, including:
Bachelor's degree or equivalent experience Strong leadership skills with exceptional communication and presence
Advanced knowledge of multiple IT control and project management practices, and experience working across large environments
Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection
Excellent command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
Noted cybersecurity expert, keeping technical skills current and participating in multiple forums
Expertise in Agile and can work with at least one of the common frameworks
Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
Candidates with a minimum 10 years of experience in technology risk and controls, risk based consulting, risk assessments, audit and regulatory activities
Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field is required. Experience within financial services areas is preferred
Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment
CISSP/CRISC/CISM or equivalent industry certifications
Subject matter expert on information security and technology risk management with understanding of IT control policies preferred
Direct experience in offensive/defensive cyber exercises, such as red teaming, penetration testing, or incident response
Knowledge of controls associated with the key infrastructure capabilities, such as but not limited to:
Network perimeters and firewall security configuration, LAN, WAN, WLAN, SD-WAN
Operating Systems, System hardening standards and configuration monitoring
End User Networking, Remote and local network access management
Application data protection controls for Network, Email, Web, Middleware, Virtualization and Database technology areas
Encryption, public key infrastructure, and service hardening
Enterprise authentication and identity management
System orchestration and lifecycle management
Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice.
Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls.
Stakeholder engagement skills, including ability to interact with senior levels of management.
Knowledge of process-focused methodologies for IT related activities (Networks, Cloud, Change Management, Incident Management, SDLC ).
Exposure to IT Risk and Process frameworks: COSO, COBIT, NIST, Cybersecurity Horizontal reviews, ITIL.
The Cybersecurity & Technology Controls group atJPMorgan Chase aligns the firm's cybersecurity, access management, controls andresiliency teams. The group proactively and strategically partners with all lines of business andfunctions to enable them to design, adopt and integrate appropriate controls;deliver processes and solutions efficiently and consistently; and driveautomation of controls. The group's number one priority is to enable thebusiness by keeping the firm safe, stable and resilient.
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 40,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
Internal Number: 6246868
eFinancialCareers is a career site specializing in financial services.