IT Audit/Controls Attestation Manager (SOX)
Click the Facebook, Google+ or LinkedIn icons to share this job with your friends or contacts. Click the Twitter icon to tweet this job to your followers. Click the link button to view the URL of the job, which then can be copied and pasted into an e-mail or other document.
Wilmington, DE 19893
Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you’ll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You’ll also leverage your expert knowledge of today’s ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
The CTC Attestation Manager is an IT controls specialist with strong program management experience who uses these capabilities to manage the planning and execution of global attestation engagements (SOC1, SOC2, ISAE 3402, AT-C 205) supporting key business organizations, while meeting the demands of external clients of the firm, across multiple lines of business (LOBs). The role requires partnering with internal business owners and external auditors to identify appropriate form of reporting (e.g., SOC1, SSAE3402, AT-205, and ISAE 3000) to meet client and/or regulatory requirements, and taking the lead in report development, readiness and execution while ensuring quality standards are achieved in development and maintenance of reports which go out to thousands of the largest clients of the firm. Strong issue management capabilities are an essential element of the role. This includes the ability to rapidly analyze and respond to potential issues threatening audit outcomes, assess root causes of findings and effectiveness of proposed solutions, oversee remediation work streams and to drive timely and effective solutions while keeping management and other key stakeholders informed on status and potential concerns.
This role requires a wide variety of strengths and capabilities, including:
+ Bachelor’s degree or equivalent experience
+ Strong leadership skills with exceptional communication and presence
+ Advanced knowledge of multiple IT control and project management practices and experience working across large environments
+ Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
+ Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
+ Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
+ 5+ years’ equivalent experience dedicated to leading execution of IT controls attestation engagements, including SOC1 and/or SOX, with a minimum of two years (REQUIRED) of Manager level experience planning and executing IT controls audit as a practitioner with a “Big Four” or top IT Consulting firm
+ Confidence and self-assurance in interactions with external auditors and ability to reach across a global-firm to engage appropriate management, set agendas, lead calls with senior management and drive actions to meet program objectives, demonstrating a strong sense of ownership, commitment to quality and attention to detail
+ Ability to initiate and lead group discussions, problem solve to identify solutions to issues and deliver high quality results in an intensely deadline-driven environment
+ Subject matter expertise in development and execution of control attestation reports (e.g., SOC1, SOC2, AT-C 205, etc.)
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.
Equal Opportunity Employer/Disability/Veterans