JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Global Technology Infrastructure (GTI) is the technology infrastructure organization for the firm, delivering a wide range of products and services, and partnering with all lines of business to provide high quality service delivery, exceptional project execution and financially disciplined approaches and processes in the most cost effective manner. The objective of GTI is to balance both business alignment and the centralized delivery of core products and services. GTI is designed to address the unique infrastructure needs of specific lines of business and the demand to leverage economies of scale across the firm.
Information Security’s purpose is to ensure the security and resiliency of the firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. The organization’s goals are accomplished through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that improve the firm's risk posture.
GTI’s Cyber Security organization will operate as a matrix organization, with a select group of subject matter experts reporting to the Chief Information Security Officer (CISO), who will also leverage capabilities from existing experts within GTI.
The Lead Cyber Policy and Governance Architect will influence effective risk management and controls assurance for Global Technology and providing governance and oversight for businesses through risk consultancy, identification of control weaknesses and recommendations for improvement opportunities and reporting of risk issues. Responsibilities include understanding the firm’s standards and policies framework, risk agenda, technology agendas, identifying gaps from a cybersecurity governance perspective, and working to close those gaps. The team will partner closely with GTI Service Owners, Corporate Cyber Standards and Assurance and Risk teams, Corporate Cyber Technology and the LOB risk and controls teams. You will be responsible for standards innovation and strategy, and developing/delivering new standards and guidance to the Global Technology personnel and the firm on any identified governance gaps.
- Accountable for the implementation of new and strategic initiatives related to cybersecurity standards and policies.
- Partner with Global Technology Risk and Controls team to collaborate on cybersecurity risk identification and standards development.
- Partner with Global Technology Standards and Assurance team to ensure all cybersecurity risks are included and addressed in the Global Technology standards framework and associated guidance sent out to technologists.
- Partner with Global Cyber Standards and Assurance team to work on alignment of firm wide standards to NIST and other associated standards frameworks.
- Partner with Global Cyber Standards and Assurance team to ensure adherence to the Connectivity Assurance Program (CAP) in Global Technology Infrastructure
- Responsible for developing Communication and Training plans to promote standards and policies awareness within Global Technology Infrastructure.
- Responsible for collaboration with global stakeholders. Develop and maintain good relationships with business partners. Ensure communication is customer focused and professional.
- Provide leadership, direction and support to staff locally as needed. Responsible for performance management of staff in accordance with corporate guidelines.
- Responsible for managing any exceptions to policy within Global Technology Infrastructure
- Partner with global stakeholders on Supply Chain and Asset Management Security as it relates to Global Technology Infrastructure
- Responsible for overseeing pre-production security verification of new applications
- Bachelor’s Degree or equivalent work experience required; MBA or a Master’s degree in Cybersecurity Policy or similar discipline preferred
- Minimum 15 years of progressive IT experience with at least 10 years of hands on policy and governance experience with NIST, ISO, and other technology standards frameworks
- Experience in development of policy frameworks, as well as corresponding policies and control processes
- Experience in the development and delivery of training and educational programs
- Familiarity with multiple IT risk management framework and control self-assessment process
Personality and leadership:
- The successful candidate will be in the ascendancy of their career, have an incredibly strong work ethic, and demonstrate a hunger to drive change and “roll up the sleeves to get the job done” attitude
- Possess a strong technology background with the ability to challenge or validate technology decisions from a position of knowledge and experience
- Possess the ability to rapidly assimilate business strategies and identify high impact opportunities by applying creative problem solving solutions
- Have a proven record of promoting innovation throughout the technology organization, encouraging individuals at all levels to think creatively and foster a dynamic culture throughout the firm
- Track record of managing across multiple global locations, with a solid understanding of the challenges and benefit
- Experience of managing in a matrix organization, achieving goals through partnership and collaboration
- Have a proven track record of executing on a strategic technology roadmap
- Excellent interpersonal and communication skills, including ability to negotiate, compromise and demonstrate diplomacy in sensitive situations and to interact effectively with senior management across diverse cultures
- Ability to manage complex, critical and dynamic environment where work tasks vary and processes are changing
- Proven executive presentation skills including the ability to communicate risk posture clearly and concisely
- Ability to mentor and provide strategic view into talent development
- Ability to manage and drive technology risk management projects
- Knowledge of IT Risk Standards and User Access Management Policies
- Flexible to travel when required based on business demands