The Cybersecurity and Technology Controls Assurance organization is comprised of highly skilled and passionate cybersecurity professionals whose mission is to create a shared understanding of firmwide tech, data, and cyber risk, enabling our business and customers to make risk-informed decisions. We are seeking an energetic, accomplished, and motivated Cybersecurity Assessor to join our Third-Party Assurance team.
Job Summary:
As a Vice President - Third-Party Cyber Security Architect within the Cybersecurity and Technology Controls Assurance organization, you will play a crucial role in assessing the health and security of JPMC's third-party suppliers. Your responsibilities include identifying risks and gaps in their control maturity, evaluating their infrastructure, application, and control environments, and providing transparency into their cyber resilience, recoverability, and operational/data risks. This role involves engaging with various stakeholders, requiring excellent leadership skills and the ability to navigate complex organizations and build relationships across Business and Technology teams. Your work will significantly impact our company, clients, and business partners worldwide.
Job Responsibilities:
1. Partner effectively with third-party SMEs to conduct detailed evaluations of security controls and practices, identifying risks and gaps in security posture to key stakeholders.
2. Assess suppliers' compliance with cybersecurity standards, analyze exposure to industry risks, and provide insights into corrective actions and mitigations to strengthen cyber resilience.
3. Identify opportunities for process improvements throughout the assessment lifecycle, delivering operational efficiencies and enhancing supplier assurance.
4. Provide guidance and advice to Business, Technology, and Third-Party groups on cybersecurity best practices.
5. Support the development of supplier risk metrics to evaluate the effectiveness of their security arrangements.
6. Participate in thematic analysis to identify trends and common issues in supplier security posture.
7. Collaborate with Product Security, Tech Risk & Controls, and Risk Pillar leads to raise awareness and drive improvements in third-party control implementations.
8. Develop and deliver training and best practices to peers, colleagues, and third parties.
9. Escalate issues related to suppliers as necessary.
Required Qualifications, Capabilities, and Skills:
1. Extensive experience in cybersecurity, including control delivery, operations, or assessment roles.
2. Deep understanding of key cybersecurity principles and control implementations that mitigate common threat techniques across email, network, endpoint, resiliency & recovery, monitoring, vulnerability management, and identity and access management.
3. Knowledge of industry risk frameworks such as ISO27001 and NIST Cybersecurity Framework.
4. Excellent communication skills to articulate cyber risks clearly in written, verbal, and presentation formats to diverse stakeholders.
5. Ability to collaborate across organizational levels to develop improvement plans and mitigation strategies.
6. Highly analytical, inquisitive, and tenacious mindset.
7. Self-starter with a results-driven and continuous improvement approach.
8. Skills in process engineering and re-engineering.
Preferred Qualifications, Capabilities, and Skills:
1. Certifications such as CISSP, CISA, CISM, CCSP, or CRISC are advantageous.
2. Background in Product Security, Incident Response, or Technology/Cyber Audit.
About the Team:
J.P. Morgan is a global leader in financial services, offering strategic advice and products to prominent corporations, governments, wealthy individuals, and institutional investors. Our approach emphasizes trusted, long-term partnerships to help clients achieve their objectives.
We value diversity and inclusion, recognizing our people as our strength. We are an equal opportunity employer, committed to nondiscrimination and reasonable accommodations for religious practices, mental health, or physical disabilities. For more information, visit our FAQs.
#J-18808-Ljbffr