Our Information Security professionals are passionate about information security and control solutions for computing environments. While collaborating with a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, providing technology risk oversight in compliance with regulatory obligations, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
As a Vice President Information Security Manager within our Information Security team, you will be passionate about information security and control solutions for computing environments. You will collaborate with a world-class team of technology experts, partnering with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You will leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Your responsibilities will include offering guidance, providing technology risk oversight in compliance with regulatory obligations, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
Job responsibilities:
- Provide technology risk oversight over how J.P. Morgan Asset Management Europe (JPMAME) adopts technology to support, enable and enhance its Business Objectives while complying with the Firm’s global policies and its regulatory compliance requirements.
- Lead through strong risk leadership and collaboration with partners to ensure the security of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements, e.g., as mandated by the Commission de Surveillance du Secteur Financier (CSSF) as the National Competent Authority (NCA).
- Provide risk oversight over the Information and Communication Technology (ICT) Outsourcing governance framework, which is driven by local regulatory obligations such as CSSF Circular 22/806 on ICT Outsourcing, which requires all outsourced ICT activities and/or provisions of service provided by either a J.P. Morgan affiliate or an external third party to be identified, measured, monitored and controlled in compliance with stated regulatory obligations.
- Provide independent oversight over technology and cybersecurity risks associated with the overall JPMAME governance framework. Execute on ICT governance tasks that contribute to ensuring effective ICT Performance Management and that service levels, vendors, risks, cyber threats, and budgets are carefully managed and meet overall business expectations.
- Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed, including recommendations for resolution and identifying the root cause/key themes.
- Interact with technology and application development teams on an on-going basis for business-as-usual risk activities, reporting, and project initiatives.
- Serve as subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, outsourcing (IT and Cloud) and application security.
- Evaluate regulatory changes relating to cybersecurity and technology impacting the legal entity.
- Create and present management packs in steering committees and governance forums.
Required qualifications, capabilities and skills
- At least 5 years of experience in Information Security
- Advanced knowledge of multiple IT control and project management practices, plus experience working across large environments
- Great communication skills and ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
- Ability to explain complex technology and security risks to non-technical audiences
- Strong proficiency in MS Office tools and proven track record of creating high quality deliverables for both internal and external stakeholders
- Expertise in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, third party risk management and data protection
- Analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement
- Expertise in application and infrastructure high-availability and resiliency architectures
Preferred qualifications, capabilities and skills
- Certified in CISA, CISM, CRISC, CISSP, CCSP or similar
- Expertise in relevant regulations, like the EBA Guidelines on ICT and Security Risk Management or the EBA Guidelines on Outsourcing Arrangements, CSSF Circulars, and/or ISO27001, GDPR and NIST frameworks
- Experience in creating and monitoring security KPIs and KRIs
- Ability to create dashboards via data visualization tools such as Power BI or Tableau
- Experience across architecture security and cloud security