DescriptionAs a Technology Risk Assurance Lead at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, you'll have the opportunity to analyze, prioritize, communicate, and track information security findings generated by our internal cyber security assessment teams. You'll be promoted to learn, with the ability to absorb new knowledge and communicate risk impact in an approachable and audience-appropriate way. You'll play a key role in the continuous improvement of our findings management program.
As a strong collaborator, you'll operate across Risk Assurance teams, Cybersecurity Operations teams, and the wider business, streamlining processes, improving integration with our Governance, Risk and Compliance (GRC) function, and identifying trends and risk themes through the analysis of findings data.
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.
Required qualifications, capabilities and skills:
- Obtain formal training or certification in Information Security, and/or 5+ years of project management experience with demonstrated experience working on information security projects.
- Gain experience with cybersecurity operations, common risk management processes, security architecture practices, security engineering, or vulnerability management.
- Demonstrable knowledge across 2 or more of the following domains;
- Network Security Architecture / Cloud Security Architecture
- Application Security / Penetration Testing / Red Teaming
- Development, Security, and Operations DEVSecOPS
- Governance, Risk and Compliance
- Demonstrable ability to generate technical security reports that are adjusted for audience.
- Ability to collaborate and communicate with a diverse range of stakeholders, of varying seniority, to effectively articulate risk and drive change.
- Experience in Agile project management and with Agile tools/technology (i.e., Atlassian Jira, Atlassian Confluence).
- Understanding of offensive and defensive security tools/technologies, such as penetration testing and red team testing platforms, firewalls, IDS/IPS, Web Proxies, and DLP.
Preferred qualifications, capabilities and skills:
- CISSP, CISM,CISA. Offensive Security (OSCP, OSEP, OSDA), SANS (GIAC, GPEN, GXPN, GWAPT)