JP Morgan Chase - Information Security Management Role - Controls Attestation

Job Description:

The CIB CTC Controls Attestation team manages the planning, execution and delivery of 3rd party attestation engagements (including SOC1, SOC2) as well as have oversight over the readiness and remediation of control exceptions impacting the attestation engagements, to meet the demands of external clients across lines of businesses. This includes issue management includes Remediation includes management of audit findings, root cause analysis, regulatory intelligence and change management.

The role will support CIB CTC Controls Attestation team functions, and requires liaising with various stakeholders including Technology Risk & Controls managers, client service management teams, technology management as well as interfacing with Controls Attestation functions to help facilitate the administration and execution and delivery of the attestation reports. Successful execution of responsibilities requires strong organizational, written and verbal communication skills.

Key Responsibilities:

- The CTC Attestation Manager is an IT controls specialist with strong program management experience who uses these capabilities to manage the planning and execution of global attestation engagements (SOC1, SOC2, ISAE 3402, AT-C 205) supporting key business organizations, while meeting the demands of external clients of the firm, across multiple lines of business (LOBs).

- The role requires partnering with internal business owners and external auditors to identify appropriate form of reporting (e.g., SOC1, SSAE3402, AT-205, and ISAE 3000) to meet client and/or regulatory requirements, and taking the lead in report development, readiness and execution while ensuring quality standards are achieved in development and maintenance of reports which go out to thousands of the largest clients of the firm. Strong issue management capabilities are an essential element of the role.

- This includes the ability to rapidly analyze and respond to potential issues threatening audit outcomes, assess root causes of findings and effectiveness of proposed solutions, oversee remediation work streams and to drive timely and effective solutions while keeping management and other key stakeholders informed on status and potential concerns.

Requirements:

- 5+ years' equivalent experience dedicated to leading execution of IT controls attestation engagements, including SOC1 and/or SOX, with a minimum of two years (REQUIRED) of Manager level experience planning and executing IT controls audit as a practitioner with a "Big Four" or top IT Consulting firm

- Confidence and self-assurance in interactions with external auditors and ability to reach across a global-firm to engage appropriate management, set agendas, lead calls with senior management and drive actions to meet program objectives, demonstrating a strong sense of ownership, commitment to quality and attention to detail

- Ability to initiate and lead group discussions, problem solve to identify solutions to issues and deliver high quality results in an intensely deadline-driven environment

- Subject matter expertise in development and execution of control attestation reports (e.g., SOC1, SOC2, AT-C 205, etc.)

- Strong Excel skills

Sense of ownership; ability to work with minimal supervision

This role requires a wide variety of strengths and capabilities, including:

- Bachelor's degree or equivalent experience

- Strong leadership skills with exceptional communication and presence

- Advanced knowledge of multiple IT control and project management practices and experience working across large environments

- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals

- Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business

- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

The apply button will redirect you to an external URL, please apply there as well.