Job responsibilities
- Conducting periodic review of events (circulars, notices, guidance, regulations, laws etc.) issued by regulators across the globe. Collaborate with stakeholders such as Tech Risk and Controls, Control Design Authorities, Standards Authors, Process owners and Product Security to assess impact and expectations of the Legal Obligations.
- Perform End-to-End mapping of the Obligations with appropriate process/procedures.
- Perform detailed gap analysis of the impacting Regulatory events.
- Partnering with the Global Technology Policies and Controls team to ensure policy area owners are informed of regulatory changes and relevant updates are applied in a timely manner.
- Engage Technology teams on the Office of Legal Obligations process and ensure consistent mapping of the Legal Obligations.
- Represent Chase on various Office of Legal Obligations Forums.
Required qualifications, capabilities and skills
- Proven experience in IT Risk and Compliance, Audit or IT Security, Standard/Policy Development.
- Excellent command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, emerging threats and vulnerabilities, including incident response methodologies
- Knowledge of cybersecurity & technology controls such as:
- Control Governance, Policy Development; Identify & assess management; Cyber defense & fraud (incl. incident & event management, network & endpoint security, malware protection, digital forensics, threat & fraud intelligence, etc.); Data protection, Storage, Governance; Software and platform security; Resiliency; Vulnerability management, Control assessments & training
- Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity. A demonstrated ability to analyze technology-focused regulations, articulation of risk and impact on Technology controls frameworks and industry best practices.
- Demonstrated ability to author Standards, Controls & Procedures; perform risk modeling, assess control design and operating effectiveness as well as articulate risks.
- Excellent reporting and presentation skills.
Preferred qualifications, capabilities and skills
- Ability to develop and maintain strong partnerships with key stakeholders, and to work across diverse businesses and regions, balancing the needs of multiple organizations.
- Outstanding verbal, interpersonal and written communication and presentation skills, including demonstrated ability to interact with both technical and non-technical stakeholders.
- An ability to work in a demanding, fast paced environment and handle multiple, competing priorities at one time.
- Relevant professional certification (e.g., CISSP, CISA, CRISC) or willingness to pursue.
J.P. Morgan offers an exceptional benefits program and a highly competitive compensation package.