JPMorgan Information Security Compliance Officer 

Switzerland, Geneva, Geneva 

492665499

Job responsibilities

Based in our Geneva office, this role represents an excellent opportunity for the successful candidate to:

• Drive tangible development of the Technology & Cybersecurity compliance and operational risk practices across business functions and legal entities in Switzerland and the broader EMEA region, including IT Risk Profile, KRIs, Loss Data, CORE and Scenario Analysis, as well as, liaise with local regulators in respect of Operational Risk matters, as required
• Work closely with senior location, line of business, and technology stakeholders to provide credible challenge and independent evaluation of Technology & Cybersecurity risks and controls
• Provide regulatory guidance and credible challenge relating to technology compliance and operational risk, including data management, outsourcing and cloud technology related matters
• Stay current with technology and data privacy regulatory and legislative changes, and provide advice to enable the business to implement applicable changes and operate in a compliant and controlled manner
• Provide oversight and challenge in relation to the legal entity’s adherence to firmwide incident response procedures. Lead CCOR reviews (including security events) including but not limited to, examination of event and resolution, back-testing against risk assessment results, metrics, escalations, and reporting
• Oversee the promotion of a risk and security aware culture and capability amongst all stakeholders as executed by the first line of defense
• Actively participate in Control Committees, senior level workstreams, major change management programs, point-in-time issue escalation, industry and regulatory meetings, internal strategic efforts, and review of internal operational risk events

Required qualifications, capabilities, and skills

• Extensive experience in technology / technology development and operational risk oversight and/or technology and cyber compliance or operational risk, with experience within the financial services industry
• Local regulatory knowledge as it applies to cybersecurity, data safeguarding and technology
• Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required
• Understanding of technology risk management and control principles with a proven ability to anticipate and identify risks and effective mitigating actions
• Adept at developing relationships with strong stakeholder management skills with the confidence to take ideas forward and to challenge others, where appropriate
• Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results with a high level of professionalism, self-motivation, and integrity

Preferred qualifications, capabilities, and skills

• Knowledge and experience with Information Security and Risk Management standards and frameworks such as NIST, MITRE ATT&CK, FAIR and ISO 27001/27002 and modern development practices and supporting toolsets (e.g. Agile, DevOps, Git)
• Bachelor’s Degree in Computer Science, Computer Engineering, Engineering, Information Security or related field; post-graduate degree
• Professional certifications such as CISSP, CCSP, CISA, CISM, CRISC