JP Morgan Chase - Vice President - Information Security Management

- Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. 

- You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.

Qualifications:

This role requires a wide variety of strengths and capabilities, including:

- Excellent command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies

- Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity practices. Experience with the regulators in the APAC region will be a benefit.

- Well versed in and with hands-on experience with security aspects of Mobile development and Digital channels.

- Noted Information Security expert, keeping technical skills current and participating in multiple forums

- Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation

 Knowledge of controls associated with the applications, such as but not limited to:

- Application Security

- Application data protection controls

- Encryption Concepts

- Enterprise authentication and identity management

- System orchestration and lifecycle management

- Mobile Technologies

- Digital Banking channels

- Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment

- Candidates with a minimum 10+ years of experience in technology risk and controls, risk based consulting, risk assessments, audit and regulatory activities

- Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field is required. Experience within financial services areas is preferred

- Detail oriented with ability to evaluate processes, controls and issues to determine the risks

- CISSP/CRISC/CISM or equivalent industry certifications

- Knowledge on offensive/defensive cyber exercises, such as red teaming, penetration testing, or incident response

Preferred Skills:

- Ability to maintain high standards with a drive to achieve the right answer in difficult and/or ever changing situations

- Subject matter expert on technology risk management with complete understanding of IT control policies

- Proven ability to examine, improve and execute the organization's existing processes and procedures for risk assessment

- Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice

- Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls

- Stakeholder engagement skills, including ability to interact with senior levels of management

- Knowledge of process-focused methodologies for IT related activities (Networks, Cloud, Change Management, Incident Management, SDLC)

- Knowledge of industry-standard risk/control frameworks: ITIL, COSO, NIST, PCI-DSS, COBIT, etc.

- Proficient verbal and written communication skills, including the ability to effectively lead discussions and meetings with internal management, external / internal audit, peer groups, regulators and senior stakeholders

Key Responsibilities:

- Investigation, analysis, documentation, remediation, tracking, and reporting of technology risks and associated controls

- Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups

- Ensure existing and new solutions are designed to be continuously compliant with JPMC policies and standards, as well as the CCB operating environment

- Collaborate with team members and stakeholders on firm-mandated, cross-LOB, and regional audits, regulatory obligations

- Provide strategic drive for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques

- Proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps

- Provide leadership and advice on material remediation activities ensuring appropriate resolution of issues, action plans, breaks, and remedies and support the closure verification process

- Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis

- Maintain an understanding of the CCB / AWM and CTC strategies, roadmaps and programs

- Manage the risk profile of aligned products, and translate risks into functional requirements, non-functional requirements and constraints together with the LOB business partners and the CTC Product teams

- Ensure that all pertinent Information Risk and Control regulatory requirements and applicable JPMC policies are understood by LoB business partners, technologists, and the ISM function team members, and that these policies are implemented and monitored successfully

- Work with technology teams to walkthrough, gather control design requirements facilitate discussions and bring to closure control issues

- Lead the efforts to create and manage agile process for controls related assessment, and build automation/self service capabilities for analysis, reporting and reusing of information to address control issues

- Communicate issues and evaluate issues/findings and best practices with the rest of the team and management

- Effectively create, maintain and communicate operational metrics and status of control related initiatives and issues

- Aid in training and spreading technology risk and control awareness within the organization