Job Description Organization Description
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls.
Responsibilities:
Product Manager role supporting our global cyber security vulnerability management and assessments team, managing vulnerabilities at a global scale and delivering next generation application and infrastructure testing.
Responsibilities
The Vulnerability Management & Assessments (VM&A) security product team is in charge of setting the strategy, getting buy-in across the organization and driving execution. This includes:

• Leading complex and firm wide scale VM&A product developments that work across business partners.
• Ensure integration with our other key product domains including Cloud, Network, Endpoint and App Security.
• Develop and maintain multi-year, risk-based product roadmap that clearly represents key deliverables, dependencies & benefits.
• Ensure the accepted product backlog is in place, visible, and managed as capacity and capability is available.
• Align audit & regulatory commitments to products.
• Ensure all commitments are mapped to Product book of work and prioritized.
• Ensure product controls are aligned to and assessed against the firms Threat Scenarios and Risk Framework to model a comprehensive view of control gaps and effectiveness.
• Engage stakeholders in the LOBs to identify needs and map it to network product roadmap to reduce risk.
• Own the Product vision & ensure key Content is readily available to key stakeholders & users.

Qualifications:

• Extensive experience in a product/program management role within enterprise technology and more specifically - Cybersecurity.
• Solid understanding of the end-to-end information technology (IT) process, including architecture, design & engineering, implementation, and operations.
• Demonstrated success in a Product Management construct with an emphasis on information security solutions.
• Experience with Agile practices and working to manage priorities via an active backlog & Jira.
• Breadth and depth of vendor management and selection.
• Proven ability to provide product management artifacts and deliverables such as roadmaps, product overviews, reports, backlog and documentation.
• Knowledge of the latest security and intelligence trends.
• Knowledge or experience of operational practices supporting Vulnerability Management.

Additional skills/background:

• Familiarity with Cyber scanning tools including Qualys, BlackDuck, Snyk, Tenable and Tanium desired.
• Knowledge or experience with Splunk, Phantom, Excel, and SQL.
• Prior hands-on software development or engineering experience is plus - scripting language (i.e. Perl, Python, Powershell, Bash, et al) experience highly desired.
• Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies.
• Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity - FISMA, PCI, NIST.
• Noted cybersecurity expert, keeping technical skills current and participating in multiple forums.

About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. These requirements may include sharing information in the firm's vaccine record tool, vaccination or regular testing, mask wearing, social distancing and daily health checks. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.