Description
Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.
As an Assessments & Exercises Vice President in the Cyber and Tech Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations (or manage a highly skilled team that does) and inform analysis to clearly outline root causes. In this role, evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
This role is part of JPMorgan’s Firmwide Simulation Utility, which focuses on executing targeted resiliency simulations and exercises across all major Lines of Business and Corporate Functions, thereby strengthening the Firm’s operational resilience, technology and business controls, increasing preparedness, and ensuring effective response and recovery capabilities against today’s most prevalent threats. In this role you will interface with the firm’s business and technology leaders to pinpoint areas of emerging risk, partner with deep subject matter experts to craft realistic simulation scenarios and objectives, and drive tangible lessons learned to completion through a robust findings management process that is risk-based and metrics-driven. The team partners across all Lines of Business and Corporate Functions to drive & deliver proactive threat-informed scenario-based testing, simulations, & assessments that validate readiness and drive down residual risk, and provide an end-to-end technology resiliency control framework linked to robust governance & reporting structures to ensure appropriate visibility and accountability. Additional team deliverables include ongoing regulatory & financial industry engagement to support the strengthening of sector-level resiliency & readiness and proactive threat and vulnerability analyses that ensure the above activities are grounded in the current risk landscape and most plausible disruptive scenarios. If you wish to be part of a multi-year, prioritized resiliency investment strategy focused on uplifting core tooling, capabilities, and controls to enable the Firm’s top strategic priorities across key areas such as Public Cloud, Technology Modernization, AI/ML, and ongoing business expansion, then this role is for you!
Job responsibilities
- Lead effective end-to-end planning, design, conduct, and evaluation of both internal and external resiliency simulations in accordance with the firm’s business and technology standards as well as global regulatory frameworks
- Conduct post-exercise after-action analysis, reporting, and assessment, synthesize corrective actions, implement tracking/monitoring of progress, and design future simulations to validate improvements
- Lead engagement with key stakeholders across the firm to develop tailored, all-hazards simulation scenarios that achieve business, resiliency, technology, and/or cyber incident response objectives
- Provide leadership across all aspects of exercise project management, spanning the entire engagement lifecycle (i.e., plan, design, conduct, and assess) to include scheduling meetings, reserving venues, facilitating discussions, and providing senior leader project updates
- Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements
- Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
- Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that utilize continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics
- Support overall team strategy and capability uplift initiatives to drive rapid maturity
Required qualifications, capabilities, and skills
- 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
- Demonstrated ability to manage multiple, parallel, complex engagements collaboratively with a diverse set of stakeholders, subject matter experts, and senior leaders to build requirements and execute across a core set of project milestones
- Familiarity with how key international financial systems operate, to include an understanding of the current threat landscape, operational resiliency considerations, and possible systemic risk scenarios
- Experience formulating and/or interpreting threat and risk analyses of cyber adversary techniques, technology disruptions, terrorist attacks, severe weather, and other major hazards
- Experience developing and presenting briefings to senior leaders in addition to large group meeting facilitation and logistics planning
- Excellent written skills and ability to communicate effectively. Proficiency in the use of Microsoft Office and related technologies
- Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
- Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
- Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels
Preferred qualifications, capabilities, and skills
- Experience in planning, developing, and coordinating incident response playbooks, runbooks, or other key operational processes across a large organization
- Background in metrics development, risk analysis & visualization, and/or automation
- Background in/knowledge of financial institutions and the banking sector
- Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP), Associate Business Continuity Planner (ABCP), or Certified Business Continuity Planner (CBCP) – showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency
- Knowledge/experience in modern programming languages