JPMorgan Assessments & Exercises - Third Party Cybersecurity Senior Associate 
United Kingdom, England 
638189376

17.12.2024

In this role you will help to assess the health and security of JPMC’s Third-Party suppliers, identifying risks and gaps in their control maturity. You will evaluate suppliers’ infrastructure, application and control environments, providing transparency into the cyber resilience, recoverability and operational/data risks associated with key relationships.

  • Partner effectively with third-party SMEs to conduct detailed evaluations of security controls and practices, and to identify and articulate risks and gaps in security posture to key stakeholders.
  • Assess suppliers’ compliance with cybersecurity standards and exposure to industry risks, and provide insights into corrective actions and mitigations that will help to strengthen cyber resilience.
  • Provide guidance and advice to Business, Technology and Third-Party supplier groups on cybersecurity best practice.
  • Participate in thematic analysis, identifying trends/common issues in supplier security posture
  • Partner with Product Security, Tech Risk & Controls and Risk Pillar leads to raise awareness and drive improvements in Third-Party control implementations
  • Escalate issues associated with suppliers as needed.

Required qualifications, capabilities, and skills

  • 3+ years of experience in cybersecurity or resiliency, with a focus on security testing, assessments, or secure software development lifecycle
  • Expertise in common cybersecurity threats and technology resiliency risks pertaining to the US financial services sector
  • Understanding of industry risk frameworks (ISO27001, NIST Cybersecurity Framework, etc.)
  • Demonstrated collaboration, communication (written and verbal), and executive reporting skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts and recommendations to diverse stakeholders
  • Ability to clearly translate and communicate cyber risk via written, verbal and presentation formats to a variety of stakeholders in Cyber, Technology and the Business
  • Self-starter with drive to deliver results and continuous improvement mindset

Preferred qualifications, capabilities, and skills

  • Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Offensive Security Certified Professional (OSCP) – showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency
  • Proficiency with Jira, automation platforms, and Agile SDLC
  • Firsthand practical experience delivering system design, application development and testing.