Associate - Information Security Management

We are looking for someone as part of the Cybersecurity & Technology Controls (CTC) organization to analyze, consolidate and report on trends/metrics suitable for consumption for all levels of management, including external regulators. The successful candidate will need to be able to understand and articulate cyber and technological risks and work with technical and non-technical control owners to derive actionable and measurable remediation tasks.

Security TRC professionals are technologists with a pragmatic view and creative mind. Ideal candidates are natural collaborators with software architects, software engineers, business product owners and senior management. The ideal candidate is expected to lead through influence, communicate effectively with clarity of thought and demonstrated understanding of business, compliance and technical requirements.

This role is an opportunity to work with a diverse collection of stakeholders within an exciting technical environment at the leading edge of digital banking and propel your knowledge and experience.

This role requires a wide variety of strengths and capabilities, including:

• Advanced knowledge of multiple IT control and project management practices, plus experience working across large environments
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Expertise in application and infrastructure high-availability and resiliency architectures
• Bachelor's degree or 3+ years of equivalent experience

Responsibilities

• Validate that business Key Risk Indicators are accurately captured & included in prioritization activities
• Analyze and report on compliance of cyber and technology controls against LoB (Lines of Business), Firmwide and Regulatory Standards
• Support and co-ordinate responses to 2nd Line of Defense, Audit, Regulator & Customer requests for information on control obligations
• Assess the effectiveness of technology controls against requirements and policy statements
• Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment
• Partners with Product Security to ensure design and implemented controls are operating in alignment with firm, regulatory and industry standards
• Support and advise process owners in managing operational risk
• Support/Own reporting products used to ensure stakeholders are kept appraised of the performance of the technology control environment
• Provide oversight and monitoring of operational risk in line with the firm's control and operational risk evaluation standard
• Provides a transparent view of the operational risk posture to stakeholders
• Support/Own the definition and maintenance of the technology risk and control environment for the line of business
• Drive operational risk management subject matter expertise

Skills/ Qualifications

• Technical and operational understanding of financial services regulations
• Experience in information security management
• Risk identification & assessment
• Have worked with or are familiar with data security standards such as (PHI, PII, PCI, etc...)
• Operational risk management
• Issue management
• Technical understanding of cloud and on-prem computing (Public, Private, Hybrid).
• Ability to operate on multiple tasks whilst continuing to achieve high delivery standards
• Self-motivated and with a desire to learn
• Strong business acumen
• Security governance
• An understanding of Enterprise Risk Management practices in a technical environment
• Risk management & controls governance
• Risk Monitoring and reporting

Certifications & Knowledge

• Risk management principles
• Cloud (AWS/Azure/etc...) encouraged
• CISA / CISM / CISSP / CRISC is a plus
• Broad knowledge of controls in the industry (NIST, ISO, PCI, SOC)
• Modern development practices

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.

As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

Equal Opportunity Employer/Disability/Veterans