Job Description Job Description - Cybersecurity & Technology Controls (CTC) Consumer & Community Bank (CCB) - (Oversight Engagement Lead) (VP - 603) - US Based; Tampa, FL, DTC - Delaware and Polaris also options.
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Cybersecurity & Technology Controls (CTC) Consumer & Community Bank (CCB) Information Security Managers (ISMs) serve to ensure the security and resiliency of the CCB technology environment. Information Security professionals are passionate about information security and control solutions for computing environments. While supporting the objectives of CTC, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats within CCB technology. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across CCB technology. Responsibilities include offering guidance, best practices and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, and communicating with senior leaders and other stakeholders.
Responsibilities
The Information Security Manager (ISM) Oversight Engagement Lead ensures stakeholders are aware of and prepared for oversight engagement activities. This is accomplished through
influencing effective risk & control management practices, providing governance and support to technology businesses through engagement consultancy, identification of control weaknesses and recommendations for improvement opportunities, and reporting of engagements and related issues. Additionally, the candidate will be responsible for validating the appropriateness of remediation efforts and identifying opportunities to enhance the current issue validation process.
Specifically, this candidate will:

• Understand the firm's Cybersecurity and Technology Controls (CTC) control framework, as well as the framework and evaluation results of legacy policies, standards and controls.
• Provide consultation guidance to other ISMs, Heads of Technology (HoTs), Chief Technology Officers (CTOs) and their management teams to
  • efficiently identify remediation actions, where necessary
  • understand potential observations to inform determination if potential weakness exists
  • consider impacting risk factors including compensating controls, impact and likelihood to determine severity of confirmed weaknesses
• Analyze control requirements, control execution, and/or Issue and Action Plan documentation and supporting evidence to determine whether weaknesses exist and/or have been properly remediated.
• Gather audit, 2nd line and regulatory engagement level data, review data for accuracy and consistency, develop presentations summarizing key data, and present on results in various Risk and Control committees and meetings.
• Maintain awareness of significant changes or updates associated with engagements by attending key status meetings and interacting with involved parties; ensure appropriate communication to impacted stakeholders.
• Interface with Business Control Managers teams to ensure technology risk/issues impacting the business is effectively tracked and communicated
• Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
• Establish and maintain effective relationships with First Line of Defense, Second Line of Defense, and Third Line of Defense to promote the identification, testing and resolution of control issues.
• Partner with product /Tower ISMs in the development and publishing of trending analysis, and engagement reporting.
• Demonstrate advanced understanding of data analysis, understanding of business processes/systems/policies, and problem-solving abilities.

Required Qualifications
This role requires a wide variety of strengths and capabilities, including:

• 7+ years of experience in risk, controls and/or audit role with solid understanding of technology.
• Highly motivated team player with excellent analytical, written and verbal communication skills.
• Proficient in Microsoft Office Suite, particularly excel and powerpoint. Must be able to create presentations for senior level executives and utilize excel formulas (such as vlookups) to analyze data from different sources.
• Experience in SOX Testing, Audit or Compliance testing
• Ability to translate technical and non-technical jargon to commonly understood terminology.
• Understand various control frameworks (PCI, COBIT, ITIL, ISO, SOC, etc.) in practice.
• Professional presence with ability to articulate technical risks in terms of business impact.
• Proven comfort working across large complex environments in virtual settings with ability to quickly acclimate.
• Ability to understand CTC vision and strategy and translate into clear actionable goals, establish priorities and achieve measurable results.
• Ability to quickly analyze and understand technology policies, standards and procedures
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection

CTC (Cybersecurity & Technology Controls)
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
Tech @ JPMC
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 20 technology centers worldwide, our team of 50,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $10B+ annual investment in technology enables us to hire people to create innovative solutions that will are transforming the financial services industry.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.