Beginning on Friday, May 15 at 6:00 p.m. ET/ 11:00 p.m. BST/ May 16 at 3:30 a.m. IST/ 6:00 a.m. HKT and extending through
May 31, the opportunities page will be unavailable to search and apply for jobs as we work to improve your experience.

Apply Now    

Global Cyber Security Audit – Forensics & Investigations

Job Description

The JP Morgan Chase Audit Department is accountable to the Audit Committee of the Board of Directors, the Executive Committee, the Office of the Chairman, senior management and the firm's regulators. The global Internal Audit Department has approximately 1,000 auditors. As one of the key control functions in JPMorgan Chase & Co, the Internal Audit Department is an independent assessment function established to evaluate, test, and report on the adequacy and effectiveness of management systems of internal controls.
The Enterprise Technology Audit group provides global audit coverage for multiple technology organizations within JPMorgan Chase that include Global Technology Infrastructure (GTI), Corporate Technology & Risk and Global Cybersecurity. These businesses deliver a wide range of technology services for the firm globally and partners with all lines of businesses. In particular, the Global Cybersecurity business is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally.
Position Description:
The Cybersecurity Internal Audit Team is looking for an experienced cybersecurity professional with extensive experience of cybersecurity forensics and investigations who would like to work in a challenging, hands-on, fast paced environment utilizing their existing core cyber skills while building audit and risk management capabilities. This position is ideal for a seasoned cyber professional who would like to broaden their skills and bridge the gap between deep technical knowledge and senior management engagement, strategy and risk management. The position will partner with team members and auditors in other business areas to develop risk and control assessments through audit activities for leading cyber services and information security technologies. The position is a New York based role reporting to the Cybersecurity Audit Team Lead.
  • Participate in all aspects of audit activities including risk assessments, planning, testing, evaluation, report creation, documentation, and determining effectiveness of risk mitigation plans across the Global Cybersecurity business.
  • Establish strong relationships with senior Global Cybersecurity leadership, related controls groups and business auditors.
  • Provide audit coverage of the key controls supporting cybersecurity with specific focus on cybersecurity forensics and investigation processes.
  • Assist in the development and analysis of key metrics to identify trends in cybersecurity.
  • Partner with colleagues, stakeholders and control community members to evaluate, test and report on the adequacy and effectiveness of controls in relation to associated cybersecurity risks.  This may be achieved through specific audit reviews or direct participation in key cybersecurity projects.
  • Share knowledge, techniques and toolsets with colleagues within the team to build proficiency in the Cybersecurity Audit Team
  • Up to approximately 15% travel required.
10 or more years of total work experience, with at least 8 years IT Security, Cybersecurity or Audit with significant prior experience working in the computer forensics, cybercrime investigation and other related fields with a combination of both public and private sector experience preferred.
Required Qualifications
  • Knowledge of Intrusion Detection System (IDS) tools and applications and common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility (e.g. historical country-specific TTPs, emerging capabilities).
  • Ability to correlate and combine data to develop information about the capabilities, intent, and operations of criminal and/or adversary organizations.
  • Knowledge of types of digital forensics data and how to recognize them plus skill in using binary analysis tools (e.g. Hexedit, command code xxd, hexdump), tuning sensors and detecting host and network-based intrusions via intrusion detection technologies (e.g.Snort).
  • Knowledge of computer forensic best practices and industry standard methodologies for investigating network threats (preferably familiar with EnCase, FTK and X-Ways forensic suites).
  • A proven track record in live forensics, log-file analysis, network forensics, financial malware reverse engineering and data exfiltration.
  • Experience with investigating large data compromise events as well as online banking fraud.
  • Expert knowledge of networking protocols and packet analysis and familiar with common cryptography algorithms.
  • Ability to automate tasks using a scripting language (e.g. Python, Perl, Ruby, etc) and broad knowledge in a variety of programming languages (e.g. C/C++, Java, x86 Assembly, JavaScript).
  • Experience defeating anti-reversing tools and techniques (packers, obfuscation, encryption, etc.) and familiarity with standard software used in reverse engineering (e.g. IDA, WinDbg, VMWare).
Preferred Qualifications
  • Computer Science or related technical degree from an accredited institution.
  • Industry standard digital forensics certifications (CCE, GCFE, GCFA, CFCE, etc) are a plus.
  • Industry standard information security technology certifications (GCIH, GREM, etc) are a plus.
  • Memberships and participation in relevant professional associations.
People/Communication skills
  • Enthusiastic, self-motivated, willing to be challenged and take personal responsibility.
  • Effective verbal and written communication skills.
  • Ability to build strong partnerships across the technology and business teams.
  • Ability to multitask and execute audit activities with minimal supervision.



Req #: 160043366
Location: New York, NY US
Job Category: Accounting/Finance/Audit/Risk
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.

Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.