VP, Technology Risk & Controls Assessor
Wilmington, DE, USA | J.P. Morgan
Functions: Accounting / Control
IT / Information Technology
Job Description:
Bachelor’s degree or equivalent experience
Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
Understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
Experience with Agile and the ability to work with at least one of the common frameworks
Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation
Foundational knowledge of: computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing
Intermediate knowledge of: cloud computing, computer network defense, external organizations and academic institutions dealing with cybersecurity issues, financial authorities and regulations, identity management, incident management, information assurance, information management, information systems and network security and infrastructure design
Intermediate knowledge of cybersecurity activities associated with: requirements analysis, risk analytics and modeling, risk management; emerging issues, risks, vulnerabilities and technologies; and vulnerability assessment
The CIB CTC Controls Attestation manager will liaise with various stakeholders, including Technology Risk & Controls managers and technology management, and will interface with central control functions to help facilitate early detection of control gaps. The resource will be responsible for designing and implementing enhanced monitoring and governance controls to ensure their operating effectiveness and adherence to audit requirements.
Lead program readiness protocols to ensure key risks potentially impacting controls in scope for internal and external audits are addressed prior to initiation. Coordinate the centralization of the governance and monitoring controls by facilitating the design and documentation of requirements for the team to be implemented in firm-wide strategic tools to proactively monitor audit readiness.
Partner with various stakeholders from the LOB CoE community to identify areas of concern / opportunities, investigate root cause and drive timely and effective remediation of any operating deficiencies related to IT general controls. Remediation includes management of audit findings, root cause analysis, regulatory intelligence and change management.
Ensure quality standards are achieved in the development and maintenance of program documentation, including standard operating procedures for readiness protocols, and maintain the catalogue of procedures within the internal deliverables tracking tool (e.g. Jira). Work with internal stakeholders to understand and document various current-state control processes and process flows.
Assess IT control testing exceptions; facilitate identification of relevant compensating controls, remediation, validation and closure of deficiencies within defined timeframes. Examine results of internal / external audits for potential cross-impacts on other regulatory and risk programs.