Information Security Mangement – Technology Risk and Control Full Time

Bournemouth, Dorset
JPMorgan Chase & Co
JOB DESCRIPTION

The Technology Risk and Control (TRC) is responsible for coordinating the firm’s operational risk management framework and have a deep knowledge of all aspects of the framework, specifically controls, policies, processes, and standards. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators. In addition, you will help design and deliver on key services/activities our team should be executing as per the JPMC Control and Operational Risk evaluation standard.

This role is part of the Cybersecurity & Technology Controls organisation.The group is a risk partner and consultant accountable for driving control compliance with policies and standards and targeting prioritized solutions/architectures to reduce risk. We operate within a complex landscape driven by client expectations and the vastness/variety that comes with operating in 53 countries across the globe.

Job responsibilities:

• Offer guidance, best practices, and support across businesses to drive awareness and understanding of the technology risk and controls framework and challenges to compliance with it.
• Lead risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and stakeholders, and managing budgets.
• Help define technology’s approach for compliance with the firm’s operational risk management framework.
• Serve as a primary point of contact for framework related inquiries as a trusted advisor and authority on application of the framework.
• Advance the design of the technology risk and control framework for expression of the technology risk and control environment
• Work closely with various partners across the firm, including but not limited to colleagues in CTC, Enterprise Technology product & engineering, Information Risk Managers and Technologists in our Businesses and Corporate Functions, Operational Risk Management & Compliance, Audit, as well as regional partners across the globe.
• Develop relationships with senior business executives and partner across organization lines to mitigate risks to accomplish common goals.
• Foster an inclusive, collaborative workplace environment and building/maintaining productive working relationships with all team members and stakeholders
• Function as a subject matter expert and advisor to all of global technology regarding requirements and approach to expression of the technology risk and control environment
• Support service owners in the redesign of TRC services to enable operational consistency and efficiency

Key requirements:

• Technology risk management: candidate likely to have 7+ years technology experience across a broad range of architectures. Security Architecture experience with hands on experience leading, designing and delivering technology solutions.
• At least 7 years work experience in the area of technology risk. Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager, security analyst.
• Extensive experience with cloud technology including, Hybrid environments, security from the start design (SSDLC)
• Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modeling methodologies (e.g. STRIDE)
• Conduct manual, language agnostic code review to identify security related vulnerabilities
• Experience in operational service design across multiple Lines of Businesses/product areas.
• Relevant technical qualifications such as MIRM, CRISC, CISM, CISA, CISSP, AWS Certified Security etc;
• Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization.

About Us

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses, and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 20 technology centers worldwide, our team of 50,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $10B+ annual investment in technology enables us to hire people to create innovative solutions that will are transforming the financial services industry.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/Veterans

About the Team

The Cybersecurity & Technology Controls (CTC) team at JPMorgan Chase aligns the firm’s cybersecurity, access management, technology controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to keep the firm safe, stable, and resilient. As part of CTC’s Enterprise Security Technology team, our portfolio empowers developers to deliver secure code faster. Our best-in-class capabilities enable secure cloud adoption that meets customer and control objectives through automation and streamlined processes.

ABOUT US

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

ABOUT THE TEAM

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.

High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.