As a Technology Resiliency Risk Lead within the Compliance, Conduct, Operational Risk (CCOR) Resiliency Risk team, you will be reporting directly to the Head of CCOR Resiliency Risk. You will work across the 1st/2nd Lines of Defense to lead independent risk oversight of technology and cyber resiliency risk and control environment and monitoring of the overall resilience landscape of JP Morgan Chase Technology. You will be expected to have a deep understanding of technology and cyber resiliency risks, and the integration of business, technology, and third-party resiliency. Your responsibilities will include providing effective assessment and challenge, and informed consultation. As a self-starter with intellectual curiosity, you will independently identify, assess, and monitor risks and the associated mitigating technology controls using a consistent, logical approach. You will also be tasked with assessing and challenging the 1LOD technology resiliency operational environment, and preparing and delivering written and verbal communications on risk and control assessment results to both technical and non-technical audiences at senior levels within the firm.
Job Responsibilities
- Support the continued expansion of the CCOR Technology and Cyber Resiliency Risk Program, including interconnectedness between other Operational Resiliency domains (Business, Third Party, Data, Sites, etc.)
- Perform Technology, Cyber, and Cloud Resiliency monitoring, testing, issue management, and thematic analysis.
- Perform periodic independent review and challenge of relevant material risks that are identified by LOBs and CFs
- Assess and challenge the firm’s 1st Line of Defense (1LOD) Global Technology Resiliency program.
- Identify, monitor, and test the technical implementation and governance of technology and cyber resiliency processes and controls inherent in the JPMorgan Chase environment, including Cloud Resiliency.
- Build strong relationships and work collaboratively across other CCOR LOBs/CFs business and technology operational risk coverage teams to ensure they have appropriate knowledge and information to assess and challenge the technology and cyber resiliency risks and controls affecting their coverage area.
- Monitor and analyze emerging technology risks and recommend appropriate risk mitigation strategies
- Assess 1LOD remediation action plans for timely completion and escalate any known weakness in the overall resilience landscape within the firm.
- Engage with key stakeholders regularly and provide consistent and comprehensive status of the resilience risk gaps and remediation activities.
- Oversee 1LOD resiliency capabilities and remediation activities for completion and escalate any identified vulnerabilities or weaknesses in the overall technology resilience environment.
Required Qualifications, Capabilities, and Skills
- 7+ years or more proven experience with Technology and Business Continuity Management or Disaster Recovery programs.
- Bachelor's degree in computer science, information technology, cybersecurity or a related field;
- Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results
- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
- Ability to work with large, complex data sets and perform targeted risk-based data analysis
- Demonstrated ability to successfully communicate complex and nuanced topics orally and in writing across multiple levels in the organization.
- Track record of collaboration and relationship-building
- Highly disciplined, able to work with limited supervision and make independent decisions; High level of professionalism, self-motivation, and sense of urgency
- Strong understanding of technology infrastructure, security, and risk management principles and practices.
- Familiarity with industry standards and guidelines: ISO 22301, CERT RMM, FFIEC, and ITIL with professional Certification such as MBCI, CBCP, and other relevant industry certification; Demonstrated broad technical knowledge of infrastructure technologies
- Excellent MS Excel and PowerPoint proficiency
Preferred Qualifications, Capabilities, and Skills
- Advanced degree or relevant professional certification preferred
- Certified Business Continuity Professional (CBCP), Certified in Risk and Information Systems Control(CRISC), AWS, or related certifications or related is preferred.