Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm.
As an Information Security Management - Technology Regulatory Assessor, Associate at JPMorgan Chase within the Cybersecurity & Technology Controls (CTC), Regulatory Assessment Delivery Service (RADS) team, you will drive regulatory assessments in APAC, EMEA, LATAM and facilitate coordination through partnerships with Lines of Business (LOBs) technology teams and Information Security Managers. In this hands-on role, responsibilities include understanding the firm’s regulatory requirements and commitments, testing of controls in line with regulatory requirements, understanding the firm’s risk agenda and ultimately improve the firm regulatory, risk and controls posture.
Job responsibilities
• Executes a Book of Work of regulatory assessments in APAC, EMEA, LATAM regions
• Reviews regulatory assessment needs across Lines of Business periodically
• Drives execution of assessments and provide helpful, informative, and timely reporting to key stakeholder
• Provides quality assurance (QA) over assessments to ensure they meet expected requirements
• Facilitates ad-hoc Internal Audit reviews
• Develops and drives continual improvements of assessment practices
• Seeks improvement opportunities such as re-use of tests results across assessments, automation.
• Collaborates with line of business technologists and Information Security Managers
• Develops and maintains strong business and technology relationships, becoming a trusted partner to these groups
• Ensures that technology control issues and gaps are documented clearly and that realistic remediation plans are developed to address them, as well as investigating and resolving control incidents
• Advises LOBs based on testing results to improve compliance posture
Required qualifications, capabilities, and skills
• Bachelor’s degree
• Minimum 5 years of work experience in technology risk and control domains in banking environment
• Hands-on experience executing technology controls assessments
• Experience in managing RFIs for assessments across regulatory needs
• Knowledge of APAC technology regulatory requirements and trend
• Strong interpersonal skills with ability to lead discussions and meetings with management
• Good track record of collaboration
• Good understanding in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
• Hands-on knowledge on data analytics tool like Tableau, Qlik, etc., for performing required data analysis and creating dashboards as needed
• Proficient in Microsoft Office - Word, Excel, and Power Point
Preferred qualifications, capabilities, and skills
• Experience working with the FSSCC Financial Services Sector Cybersecurity Profile (FSP)
• CISSP, CISA/CISM, CRISC and any other Information Security Certifications in conjunction with relevant experience
To apply for this position, please use the following URL:
https://ars2.equest.com/?response_id=d7a116b0aeb92ec10c1ff0bacbdfacfd
