DescriptionAs a Technology Controls - PCI Product Specialist at JPMorgan Chase within the Cybersecurity Technology & Controls, includes overseeing evidence capture approach in support of assessment readiness efforts. The PCI Product Specialist acts as the Subject Matter Expert for their functional area, partnering with control owners and advising on issue remediation to ensure compliance.
Key Responsibilities:
- Capture, review and analysis of PCI required documentation, ensuring readiness for firm-wide assessments.
- Works with Business Assessment Lead & control owners to define functional scope (tools, processes, etc.)
- Proactively monitor Key Risk Parameters to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps.
- Provide guidance on remediation activities as it pertains to functional area, ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure verification process
- Aid in training and spreading technology risk and control awareness within the organization for the applicable function area.
- Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups.
- Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis.
Basic Qualifications:
- Formal training or certification as a Product Specialist* concepts and 5+ years applied experience in technology risk and controls, risk based consulting, risk assessments, audit and regulatory activities, preferably in the PCI Data Security Standards.
- Knowledge and prior experience in all domains of Technology Infrastructure.
- Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment.
- Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills.
- Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization and influence without authority.
- Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver.
- Aptitude to upskill and learn new technologies based on dynamic requirements.
- Must have cloud knowledge and experience
Preferred Skills:
- Prior QSA or OSA experience
- Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice.
- Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls.
- Advanced understanding of best practices and company policies.
- Knowledge of process-focused methodologies for IT related activities (Change Management, Incident Management, and SDLC).
- Exposure to Risk and Process frameworks: COSO, COBIT, NIST, Cybersecurity Horizontal reviews, ITIL. IT