VP, Cybersecurity & Technology Controls Lead
Click the Facebook, Google+ or LinkedIn icons to share this job with your friends or contacts. Click the Twitter icon to tweet this job to your followers. Click the link button to view the URL of the job, which then can be copied and pasted into an e-mail or other document.
Wilmington, DE 19806
As an experienced professional in our cybersecurity organization, you won’t just be watching over our data – you’ll be finding innovative new ways to protect it in the future. To do that, you’ll help lead a highly motivated team focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations. You’ll use your leadership skills to give guidance, advise on best practices and support our business and technology groups. By taking the lead on incident response, risk reviews, vulnerability assessments and identifying threats, you’ll help us deliver cost-effective solutions that put our clients first. You’ll deploy best practices, new policies and emerging trends to strengthen our strategic roadmap. By presenting your findings to senior leaders, you’ll sharpen your communication and presentation skills. As part of our global team of technologists and innovators, your work will have a critical impact on our company, as well as our clients and our business partners around the world.
This role requires a wide variety of strengths and capabilities, including:
+ Bachelor’s degree or equivalent experience
+ Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
+ Understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
+ Experience with Agile and the ability to work with at least one of the common frameworks
+ Manage firm wide technology risk assessment program (CORE) for a Line of Business (LOB), ensuring proper evaluation of controls, identification of significant control deficiencies, partnering with Technology stakeholders and Information Security Managers to define remediation steps to mitigate risk, and provide Technology Leadership with risk posture analysis.Apply strict adherence by all stakeholders to CORE Standards & Procedures.Provide timely delivery on CORE critical milestones tasks and action items.Serve as subject matter expert (SME) on CORE Program and all applications used in support of the CORE program and CCM (i.e. CORE, FORCE, Orama, Controls Room)
+ Partner closely with Technology stakeholders providing clear direction and guidance during CORE.Program engagement, to manage risks, optimize returns, and enhance the client experience.Partner with Assessment stakeholders during control design and control performance evaluations, to validate and ensure proper documentation of evidence in compliance with CORE Program Standards and Procedures, performing a Quality Assurance of results prior to entry into systems of record, interfacing with.Technology stakeholders and ISMs as required.Maintain strong partnerships with Technology Leadership, Technology stakeholders, ISMs, Assessments Program stakeholders, as well a Business Control partners
+ Work actively with the Assessment Leads and ISMs to improve technical assessment guidance and evaluation approaches, where appropriate.Responsible for CORE Program Reporting consisting of: weekly status reports; monthly updates for control committees; commentary around KRI/KPI issues and long dated or audit identified issues; CORE assessment results and current risk posture; technology triggers and impact to business operational risk.
+ Ensure issues management remediation and control re-evaluation in line with CORE Standards & Procedures, consisting of: weekly reporting, tracking, and analysis of trends; issues and related action plans & risk acceptances are timely documented, assigned, and resolved; escalation of non-compliance to senior leadership; assessment stakeholder assignment for control re-evaluation;
+ Participate in Technology Control Design Authority working groups to improve our ability to identify operational risk, establish controls with focus on automation for continuous control monitoring, adjust to emerging technology and cybersecurity trends, as well as react to new and unexpected threats.
+ Assist with responses to Internal Audit as it relates to assessment program results.Participate CTC critical programs related to the overall enhancement of the assessment function, as well as support firm wide CTC programs and strategic roadmap.Exhibit a continuous learning mindset for education and awareness.Drive a culture for high performance work environment; two years internal or external technology audit or risk assessment experience.Experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients (exposure to risk frameworks like NIST, COBIT, or ISO a plus).Ability to effectively develop and communicate recommendations based on various technical compliance and control assessment results
+ Experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients.Work actively with Technology Leadership, Technology stakeholders, ISMs, and Assessment teams.Technical acumen in a wide variety of distributed systems and technologies such as network infrastructure, cloud, mainframe, software development, and databases. Strong relationship management and project management skills.Detail oriented with ability to examine and evaluate processes, controls and issues to determine risk areas.Ability to work independently and collaborate comfortably in a matrix organization.Proficient analytical and problem solving skills
+ Experience working with geographically dispersed and culturally diverse teams, often in a virtual environment,CISSP, CRISC, CISA or CISM or other industry-recognized risk and risk certifications preferred.Financial services industry, or previous history of successfully navigating a highly regulated and matrixed environment a plus.Proficient in MS Office – Microsoft Word, Excel, Access, PowerPoint and SharePoint.
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.
When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.