JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Global Technology Infrastructure (GTI) is the technology infrastructure organization for the firm, delivering a wide range of products and services, and partnering with all lines of business to provide high quality service delivery, exceptional project execution and financially disciplined approaches and processes in the most cost effective manner. The objective of GTI is to balance both business alignment and the centralized delivery of core products and services. GTI is designed to address the unique infrastructure needs of specific lines of business and the demand to leverage economies of scale across the firm.
Information Security’s purpose is to ensure the security and resiliency of the firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. The organization’s goals are accomplished through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that improve the firm's risk posture.
GTI’s Cyber Security organization will operate as a matrix organization, with a select group of subject matter experts reporting to the Chief Information Security Officer (CISO), who will also leverage capabilities from existing experts within GTI.
The Lead Cyber Oversight and Reporting Executive Director will ensure alignment in GTI to the firmwide Cybersecurity priorities through establishing budgets, aligning of resources, and reporting results. Primary responsibilities include cybersecurity investment prioritization, organizational effectiveness and reporting, GTI/Cybersecurity engagement, and Corporate Cybersecurity demand management and service consumption. This individual will partner closely with GTI Program, Finance and Business Management, and Corporate Cybersecurity Business and Program Management.
- Responsible for managing the allocation and effectiveness of resources across GTI against the firmwide Cybersecurity priorities.
- Responsible for prioritizing GTI cybersecurity Investment initiatives while balancing risk. Collaborates with GTI Service Owners and GTI Finance and Business Management to establish the GTI cybersecurity budget. Manages execution against the plan.
- Responsible for driving the adoption of the Cybersecurity Service Strategy in GTI to achieve a good risk posture through a risk-conscious behavior. Reviews and monitors performance against SLAs.
- Responsible for ensuring the GTI cybersecurity needs and requirements are documented and understood. Communicates changes to the Cybersecurity service strategy and service delivery within GTI.
- Responsible for ensuring GTI new innovation/demand requirements and priorities are captured through the Cybersecurity Demand Management function with the appropriate risk profile. Further responsible for prioritizing agreed to investments in GTI.
- Responsible for responding to external client queries related to Information Security, including RFPs and RFIs. Manages and distributes the reporting for Information Security related activities. Creates and distributes reporting to the internal Governance and Oversight Committees.
- Responsible for management and oversight of operational performance processes to ensure appropriate Cybersecurity risk. Establishes a performance management system and oversight policies and processes to oversee the operational management of controls.
- Manages the business rhythms for BISO office - includes coordination of town halls/employee engagement events, orchestration of management team meetings, planning offsites, tours, etc.
- Drive and participate in organizational planning and events (e.g., staff meeting agendas, oversight of cross-organization initiatives (like Roadmap 3.0), management offsite planning and execution, etc.)
- Responsible for headcount forecasting and analysis - includes managing resource plans for future adds / reductions, org chart maintenance, act as central point of contact for all headcount requests prior to BISO approval, maintaining key stats like aging of requisitions, attrition, location, etc.
- Responsible for collaboration with global stakeholders. Develop and maintain good relationships with business partners. Ensure communication is customer focused and professional.
- Provide leadership, direction and support to staff locally as needed. Responsible for performance management of staff in accordance with corporate guidelines.
- Bachelor’s Degree or equivalent work experience required; MBA or a Master’s degree in Cybersecurity Policy or similar discipline preferred
- Minimum 15 years of progressive IT experience with at least 10 years of hands on policy and governance experience with NIST, ISO, and other technology standards frameworks
- Experience in development of policy frameworks, as well as corresponding policies and control processes
- Experience in the development and delivery of training and educational programs
- Familiarity with multiple IT risk management framework and control self-assessment process
Personality and leadership:
- The successful candidate will be in the ascendancy of their career, have an incredibly strong work ethic, and demonstrate a hunger to drive change and “roll up the sleeves to get the job done” attitude
- Possess a strong technology background with the ability to challenge or validate technology decisions from a position of knowledge and experience
- Possess the ability to rapidly assimilate business strategies and identify high impact opportunities by applying creative problem solving solutions
- Have a proven record of promoting innovation throughout the technology organization, encouraging individuals at all levels to think creatively and foster a dynamic culture throughout the firm
- Track record of managing across multiple global locations, with a solid understanding of the challenges and benefit
- Experience of managing in a matrix organization, achieving goals through partnership and collaboration
- Have a proven track record of executing on a strategic technology roadmap
- Excellent interpersonal and communication skills, including ability to negotiate, compromise and demonstrate diplomacy in sensitive situations and to interact effectively with senior management across diverse cultures
- Ability to manage complex, critical and dynamic environment where work tasks vary and processes are changing
- Proven executive presentation skills including the ability to communicate risk posture clearly and concisely
- Ability to mentor and provide strategic view into talent development
- Ability to manage and drive technology risk management projects
- Knowledge of IT Risk Standards and User Access Management Policies
- Flexible to travel when required based on business demands