Job Description
As a Vice President - Information Security Management - Framework at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, this role is critical to the overall success of the Information Risk Management program, and requires a combination of in-depth expertise and highly effective organizational skills. The candidate must be a highly motivated individual with strong leadership and influencing skills. They will be able to leverage their experience to advance the firm's framework for managing technology risks and controls, which aligns technology policy with cybersecurity & technology control solutions and (based on metrics and quantitative assessment) appropriately informs the firm's Operational Risk Management reporting. Note that although the framework is established and operational, the space is dynamic, rapidly evolving, and is subject to continuous reassessment and adjusting to the Firm's priorities.
The position will work closely with various partners across the firm, including but not limited to colleagues in Cybersecurity & Technology Controls, Enterprise Technology product & engineering, Information Risk Managers and Technologists in our Businesses and Corporate Functions, Operational Risk Management & Compliance, Audit, as well as regional partners across the globe. The ability to work effectively with a diverse set of stakeholders is essential. The role requires creativity, critical thinking, strong communication and influencing skills, and the ability to work across a large and complex organization that features prominently in both U.S. critical infrastructure and the global financial ecosystem.
Job responsibilities:

• Working within the cybersecurity technology controls framework teams, in partnership with stakeholders from across Global Technology, you will lead the ongoing program to accurately represent and maintain the firm's complex technology operations within the Corporate Operational Risk Environment (CORE) system.
• Consulting with technology owners in Product, Engineering and Operations to appropriately model their processes, sub-processes, risks and controls for assessment. Ensuring technology risk and controls reference data (e.g., risk scenarios, policies, standards, procedures, etc.) is available and aligned for use in CORE, such that assessments are consistent and can be justifiably informed by the performance data gathered from the technology estate (i.e., metrics & measures).
• Consulting with business-aligned information risk managers to ensure technology assessments are aligned and inform business operational risk assessments in a meaningful, actionable manner.
• Collaborating closely with Operational Risk Management and Business Controls Management to ensure that technology risk and control taxonomies are optimized, with supporting systems able to interoperate.
• As the CORE system is used to manage and report the firm's Operational Risk (including information, technology & cybersecurity risk), it is referenced by a majority of the independent assessments, audits and regulatory exams that the firm's technology is continuously subject to. As a result, there are a significant number of partners from across Global Technology and beyond interested in the content of CORE.
• Effective communications, influencing and stakeholder management are key aspects of this role, including with senior and executive management.

Required qualifications, capabilities, and skills:

• Obtain formal training or certification in security engineering concepts and have 7+ years of proven experience in the technology risk & controls and information risk management fields (e.g., identification of technology risks & effective mitigation, technology risk & controls assessments, associated governance & reporting, etc.)
• Knowledge of compliance, conduct, and operational risk management frameworks and processes
• Experience in using common technology controls industry best practice (e.g., from NIST, ISO, ISACA, etc.) frameworks
• Experience in identifying use cases and business logic for continuous controls monitoring, and partnering with product and engineering teams to develop and implement
• Good working knowledge of technology-relevant financial services regulation (e.g., FFIEC handbooks, etc.)
• Good working knowledge of common & current information technology implementations (additional weight given for familiarity with Public and Private Cloud Implementation)
• Adept at developing relationships with senior business executives; reputation for partnering across organization lines to mitigate risks
• Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results
• Experience in identifying and using data from large data sets to support enterprise scale initiatives via analytics (such as AI/ML techniques, Alteryx, Tableau)
• Ability to collaborate with high-performing teams and diverse stakeholders to accomplish common goals, including experience working with geographically distributed and culturally diverse colleagues

About Us
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
About the Team
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.