VP, Cybersecurity & Technology Controls Lead
Wilmington, DE, USA | J.P. Morgan
Functions: Accounting / Control
IT / Information Technology
Job Description:
As an experienced professional in our cybersecurity organization, you won’t just be watching over our data – you’ll be finding innovative new ways to protect it in the future. To do that, you’ll help lead a highly motivated team focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations. You’ll use your leadership skills to give guidance, advise on best practices and support our business and technology groups. By taking the lead on incident response, risk reviews, vulnerability assessments and identifying threats, you’ll help us deliver cost-effective solutions that put our clients first. You’ll deploy best practices, new policies and emerging trends to strengthen our strategic roadmap. By presenting your findings to senior leaders, you’ll sharpen your communication and presentation skills. As part of our global team of technologists and innovators, your work will have a critical impact on our company, as well as our clients and our business partners around the world.
This role requires a wide variety of strengths and capabilities, including:
Bachelor’s degree or equivalent experience
Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
Understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
Experience with Agile and the ability to work with at least one of the common frameworks
Manage firm wide technology risk assessment program (CORE) for a Line of Business (LOB), ensuring proper evaluation of controls, identification of significant control deficiencies, partnering with Technology stakeholders and Information Security Managers to define remediation steps to mitigate risk, and provide Technology Leadership with risk posture analysis.
Apply strict adherence by all stakeholders to CORE Standards & Procedures.
Provide timely delivery on CORE critical milestones tasks and action items.
Serve as subject matter expert (SME) on CORE Program and all applications used in support of the CORE program and CCM (i.e. CORE, FORCE, Orama, Controls Room)
Partner closely with Technology stakeholders providing clear direction and guidance during CORE Program engagement, to manage risks, optimize returns, and enhance the client experience.
Partner with Assessment stakeholders during control design and control performance evaluations, to validate and ensure proper documentation of evidence in compliance with CORE Program Standards and Procedures, performing a Quality Assurance of results prior to entry into systems of record, interfacing with Technology stakeholders and ISMs as required.
Maintain strong partnerships with Technology Leadership, Technology stakeholders, ISMs, Assessments Program stakeholders, as well as Business Control partners
Work actively with the Assessment Leads and ISMs to improve technical assessment guidance and evaluation approaches, where appropriate.
Responsible for CORE Program Reporting consisting of: weekly status reports; monthly updates for control committees; commentary around KRI/KPI issues and long dated or audit identified issues; CORE assessment results and current risk posture; technology triggers and impact to business operational risk.
Ensure issues management remediation and control re-evaluation in line with CORE Standards & Procedures, consisting of: weekly reporting, tracking, and analysis of trends; issues and related action plans & risk acceptances are timely documented, assigned, and resolved; escalation of non-compliance to senior leadership; assessment stakeholder assignment for control re-evaluation.
Participate in Technology Control Design Authority working groups to improve our ability to identify operational risk, establish controls with focus on automation for continuous control monitoring, adjust to emerging technology and cybersecurity trends, as well as react to new and unexpected threats.
Assist with responses to Internal Audit as it relates to assessment program results.
Participate in CTC critical programs related to the overall enhancement of the assessment function, as well as support firm wide CTC programs and strategic roadmap.
Exhibit a continuous learning mindset for education and awareness.
Drive a culture for high performance work environment
Two years internal or external technology audit or risk assessment experience.
Experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients (exposure to risk frameworks like NIST, COBIT, or ISO a plus).
Ability to effectively develop and communicate recommendations based on various technical compliance and control assessment results
Experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients.
Work actively with Technology Leadership, Technology stakeholders, ISMs, and Assessment teams.
Technical acumen in a wide variety of distributed systems and technologies such as network infrastructure, cloud, mainframe, software development, and databases.
Strong relationship management and project management skills.
Detail oriented with ability to examine and evaluate processes, controls and issues to determine risk areas.
Ability to work independently and collaborate comfortably in a matrix organization.
Proficient analytical and problem solving skills
Experience working with geographically dispersed and culturally diverse teams, often in a virtual environment.
CISSP, CRISC, CISA or CISM or other industry-recognized risk and risk certifications preferred.
Financial services industry, or previous history of successfully navigating a highly regulated and matrixed environment a plus.
Proficient in MS Office - Microsoft Word, Excel, Access, PowerPoint and SharePoint.