As a Technology Risk & Controls Lead at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
Job responsibilities:
- Formal training or certification in Information Technology, and/or 5+ years of technology, risk and controls knowledge.
- Strong leadership skills with exceptional communication and presence
- Advanced knowledge of multiple IT control and project management practices and experience working across large environments
- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
- Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
- In-depth knowledge and experience in Infrastructure and/or Application Risks and Controls
- Ability to independently use systems and analyze/use data to address/identify gaps in Controls, and highlight Risk
- Working experience in collaborating with engineering as well as business functions to achieve objectives and hold difficult conversations/escalations
- Articulate responses for requests for information (Audit, Regulator, Assessment) which is crisp and concise
Preferred qualifications and/or skills:
- Good understanding of Data Classification and its impact on systems
- Demonstrated ability to multi-task in a high-pressure environment
- CISA or Network certification desirable
- Audit experience preferable, but not mandatory