Main Responsibilities Include
- Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed, including recommendations for resolution and identifying the root cause/key themes.
- Interface with technology and application development teams on an on-going basis for business-as-usual risk activities, reporting, and project initiatives.
- Serve as subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, outsourcing (IT and Cloud) and application security
- Evaluate regulatory changes relating to cybersecurity and technology impacting the legal entity
- Create and present management packs in steering committees and governance forums
This role requires a wide variety of strengths and capabilities, including:
- At least 5+ years of experience in Information Security
- Advanced knowledge of multiple IT control and project management practices, plus experience working across large environments
- Great communication skills and ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
- Ability to explain complex technology and security risks to non-technical audiences
- Strong proficiency in MS Office tools and proven track record of creating high quality deliverables for both internal and external stakeholders
- Expertise in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, third party risk management and data protection
- Analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement
- Expertise in application and infrastructure high-availability and resiliency architectures
Preferred Qualifications
- Certified in CISA, CISM, CRISC, CISSP, CCSP or similar
- Expertise in relevant regulations, like the EBA Guidelines on ICT and Security Risk Management or the EBA Guidelines on Outsourcing Arrangements, CSSF Circulars, and/or ISO27001, GDPR and NIST frameworks
- Experience in creating and monitoring security KPIs and KRIs
- Ability to create dashboards via data visualization tools such as Power BI or Tableau
- Experience across architecture security and cloud security
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
