JPMorgan Chase & Co. (NYSE: JPM)
is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at www.jpmorganchase.com
Corporate Technology and Risk's (CT&R) purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture. The IT Risk team is composed of firm-wide functions (IT Risk Management, Infrastructure Security Solutions, Identity & Access Management, and Application security) as well as business-aligned risk & resiliency management teams that affect the technology risk program across JPMC.
The Global Cyber Security & Recovery Resiliency Technical Lead will be responsible for partnering with Cyber Security, LoB CISO’s and Technologists across the Firm in developing real life scenarios and appropriate solutions where gaps exist, thereby driving the timely and successful execution of the Firm-wide Recovery and Resiliency strategy within the Cyber Security arena.
The successful candidate will be a strong technologist with pragmatic view and creative mind, and a natural collaborator with LoB security architects, engineers, developers and senior management. The Resiliency Lead is expected to lead through influence, communicate effectively through clarity of thought and demonstrated understanding of business and technical requirements. In addition the candidate must possess strong leadership skills and demonstrated success in managing teams particularly in a matrix fashion.
Position Key Responsibilities:
- Partner with Cyber testing, Simulation, Infrastructure and Application development teams to develop new testing scenarios and maintain existing plans
- Provide key leadership as the technology authority within in the Cyber resiliency team
- Work closely with Cyber, Lob Security architects and infrastructure technologists to develop remediation solutions, where appropriate
- Ensure all implemented cyber resiliency solutions have validation plans in place including continuous improvement plans
- Ensure that recovery playbooks are clearly defined, documented, communicated, adhered to, and are audit compliant
- Define and implement post-mortem / root-cause analysis processes – develop improved testing scenarios based upon analysis
10+ years of strong hands-on experiences and technical depth in one, or more technology areas, including Data security, Infrastructure security, Endpoint/Platform security, Distributed Technologies, Replication technology, Cloud or Application Security.
Knowledge of network security architecture concepts, including topology, protocols, components, and principles would be advantages
- Some Programming experiences in one or more languages (scripting/functional/imperative -- C/C++, Java, Python, Scala, R, etc.) would be advantages
- Proven leader with successful track record driving large scale technology projects from inception to implementation
- Strength in both business and technical requirements analysis
- Strong written and verbal communication skills
- Ability to think strategically about how to create business led solutions and ability to communicate effectively to both business and technical audiences
- Ability to orchestrate and drive complex strategies and solutions
- Proven ability to build strong, cohesive partnerships with the business, operations, technology & other key stakeholders, including external vendor partners, and work effectively in a matrix organization.
- Superior analytical and problem solving skills
- Strong leadership and communication skills
- Prior experience working with external auditors and regulators as Firm representative for cyber security standards
In depth knowledge of system and application vulnerabilities e.g. OWASP, NIST, SANS…
Ability to present to larger audience and manage large working group.
Ability to keep abreast with latest threats, attacking techniques and mitigating strategies.
Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, implicitly / minimization...)
Skill in conducting security design reviews and recognizing vulnerabilities in systems
Prior experience in Cyber security design / engineering would be advantageous
Prior experience in disaster / cyber recovery planning and testing would be advantages
- Bachelor's degree in Computer Science, or a related field
- CISSP, CISM, CISA a bonus
The ideal candidate would have been in a Cyber security engineering / architecture role and or been in a CISO role.