JPMorgan Corporate Third Party Oversight - Risk Application Security Expert 

United States, Ohio 

75808049

JPMorgan Chase's (JPMC) Corporate Third Party Oversight (CTPO) Program is a function within Global Supplier Services, responsible for developing, deploying and overseeing the framework that drives the effective use of suppliers to accomplish strategic goals. The CTPO Program covers oversight for both external Third-Party suppliers (TPO) and internal Intra-Affiliate (IAO) services and also includes Supplier Assurance Services (SAS) Governance and Risk Design. The CTPO Program is responsible for building Program awareness across the firm and ensuring consistency globally across all Lines of Business (LOBs) and Corporate Functions (CFs) including the understanding of outsourcing regulatory requirements and periodic updates to regulators on the CTPO Program. The Risk and Controls team within CTPO provides forward looking strategy for the function.

As an Application Security Expert, in Corporate Third Party Oversight you will ensure consistent and effective end-to-end risk management program is in place globally for third party-hosted applications. You will influence internal and external stakeholders to inform and ultimately mitigate third party application risk across the firm.

Job Responsibilities

• Drive the transformation agenda, including business justification and program build out.
• Partner with internal risk teams to support business as usual risk activities, reporting and project initiatives.
• Ensure risk impacting the business is effectively identified, quantified, communicated and remediated
• Influence supplier adoption of the product vision, roadmap, and risk control objectives
• Operationalize the Third Party Software Bill of Materials (SBOM) program

Required qualifications, capabilities, and skills

• 5+ years of experience in Third Party Risk Management (TPRM) or Governance, Risk Management, and Compliance (GRC), Cybersecurity, Application Security, Cloud Security Architecture (SaaS, PaaS & IaaS) within a large enterprise level environment
• 3+ years of experience using a broad set of technologies (e.g., servers, operating systems, applications, databases, hypervisors, virtualization management, containers, compute, storage, etc.)
• Strong leadership skills, ability to multitask, sense of ownership, attention to detail and quality, and deliver on commitments
• Understanding of Secure Software Development Life Cycle (SSDLC) (e.g., coding requirements, risk assessments, threat modeling, static code analysis, and dynamic application scanning)

Preferred qualifications, capabilities, and skills

• Certification in Public Cloud Technology from major Cloud Service Provider
• Experience with Software Bill of Materials (SBOM)
• CISSP, CISA, CISM, CCSP or CRISC certification