Vice President - Information Security Management - Framework
Delaware, OH, United States
JPMorgan Chase & Co.
As a Vice President - Information Security Management - Framework at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, this role is critical to the overall success of the Information Risk Management program, and requires a combination of in-depth expertise and highly effective organizational skills. The candidate must be a highly motivated individual with strong leadership and influencing skills. They will be able to leverage their experience to advance the firm’s framework for managing technology risks and controls, which aligns technology policy with cybersecurity & technology control solutions and (based on metrics and quantitative assessment) appropriately informs the firm’s Operational Risk Management reporting. Note that although the framework is established and operational, the space is dynamic, rapidly evolving, and is subject to continuous reassessment and adjusting to the Firm's priorities.
The position will work closely with various partners across the firm, including but not limited to colleagues in Cybersecurity & Technology Controls, Enterprise Technology product & engineering, Information Risk Managers and Technologists in our Businesses and Corporate Functions, Operational Risk Management & Compliance, Audit, as well as regional partners across the globe. The ability to work effectively with a diverse set of stakeholders is essential. The role requires creativity, critical thinking, strong communication and influencing skills, and the ability to work across a large and complex organization that features prominently in both U.S. critical infrastructure and the global financial ecosystem.
Job responsibilities:
- Working within the cybersecurity technology controls framework teams, in partnership with stakeholders from across Global Technology, you will lead the ongoing program to accurately represent and maintain the firm’s complex technology operations within the Corporate Operational Risk Environment (CORE) system.
- Consulting with technology owners in Product, Engineering and Operations to appropriately model their processes, sub-processes, risks and controls for assessment. Ensuring technology risk and controls reference data (e.g., risk scenarios, policies, standards, procedures, etc.) is available and aligned for use in CORE, such that assessments are consistent and can be justifiably informed by the performance data gathered from the technology estate (i.e., metrics & measures).
- Consulting with business-aligned information risk managers to ensure technology assessments are aligned and inform business operational risk assessments in a meaningful, actionable manner.
- Collaborating closely with Operational Risk Management and Business Controls Management to ensure that technology risk and control taxonomies are optimized, with supporting systems able to interoperate.
- As the CORE system is used to manage and report the firm’s Operational Risk (including information, technology & cybersecurity risk), it is referenced by a majority of the independent assessments, audits and regulatory exams that the firm’s technology is continuously subject to. As a result, there are a significant number of partners from across Global Technology and beyond interested in the content of CORE.
- Effective communications, influencing and stakeholder management are key aspects of this role, including with senior and executive management.
Required qualifications, capabilities, and skills:
- Obtain formal training or certification in security engineering concepts and have 7+ years of proven experience in the technology risk & controls and information risk management fields (e.g., identification of technology risks & effective mitigation, technology risk & controls assessments, associated governance & reporting, etc.)
- Knowledge of compliance, conduct, and operational risk management frameworks and processes
- Experience in using common technology controls industry best practice (e.g., from NIST, ISO, ISACA, etc.) frameworks
- Experience in identifying use cases and business logic for continuous controls monitoring, and partnering with product and engineering teams to develop and implement
- Good working knowledge of technology-relevant financial services regulation (e.g., FFIEC handbooks, etc.)
- Good working knowledge of common & current information technology implementations (additional weight given for familiarity with Public and Private Cloud Implementation)
- Adept at developing relationships with senior business executives; reputation for partnering across organization lines to mitigate risks
- Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results
- Experience in identifying and using data from large data sets to support enterprise scale initiatives via analytics (such as AI/ML techniques, Alteryx, Tableau)
- Ability to collaborate with high-performing teams and diverse stakeholders to accomplish common goals, including experience working with geographically distributed and culturally diverse colleagues
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits Banking Cloud Compliance FFIEC Governance ISACA Monitoring NIST Risk assessment Risk management
Perks/benefits: Competitive pay Health care Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs