JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Continual enhancement of the confidentiality, integrity and availability of data and systems through a robust information security agenda is a key strategic objective of JP Morgan Chase. Cyber Security and Identity & Access Management are growing areas with significant senior management support. A number of workstreams, programs and projects are planned to further enhance the security and controls across the company. Strong information security team members are required to support this objective.
Risk & Finance Technology (RFT) builds and supports the firm's financial infrastructure to ensure Finance professionals have access to the tools and information necessary to drive success. In partnership with Global Finance Operations (GFO), Global Technology Infrastructure (GTI) and others, we deliver solutions that meet the requirements of our key clients - the JPMorgan Chase CFO and Corporate Finance Organizations, as well as all line of business CFO teams.
The Risk and Controls organization within Risk & Finance Technology is looking for a lead for Cyber Operations. The Cyber Operations team coordinates closely with Cyber Security and all other lines of business to develop firm-wide projects and priorities and works with Risk & Finance Technology on implementation. The team provides central support and in depth knowledge in the areas of Application Security, Vulnerability Remediation, Threat Modeling and Data Protection. The team manages the firm-wide Data Loss Prevention functions, SSC and ASC programs, provides project management for Cyber project to Firmwide Cyber Program.
The successful candidate will report to Head of RFT Risk and Controls and be responsible for working within one of the highest growth areas within JP Morgan Chase. The team lead will support the development and ongoing assessment of information security across JP Morgan Chase. The role supports both technology and the business in providing end to end security to ensure first class security capabilities. The role will support the broad spectrum of information security responsibilities from strategy development, ongoing security assessments, risk analysis and project management to improve security capabilities.
The ideal candidate would be able to demonstrate a sound understanding of Cyber Security, Operational Risk, Information Security and have experience in financial services and/or consulting.
The role will report to the Head of RFT Risk and Controls and will be based in Brooklyn.
§ Provide SME in risk management, application security and vulnerability management in RFT
§ Project Engagement – SME support for Technology, TCO and Cyber Security teams to assist in application security assessment through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities and providing remediation guidance
§ Process – Develop, Implement and manage secure software life cycle processes to that will assist the application development teams in integrating security requirements within their applications and databases
§ Data Analysis – understand, interpret, validate, manipulate data using excel and other tools, and present conclusions and recommendations
§ Impact Analysis – Review proposed solutions and develop use cases to explain/demonstrate requirements/specifications to key stakeholders
§ Project Management – provide Firmwide Cyber Program view of RFT projects, ensure management reporting
§ Contribute to the development and implementation of application security software, policies, standards, procedures, and guidelines
§ Provide baseline metrics and reporting, both during impact analysis and on-going execution of risk-driven projects, organize and deliver clear and accurate data for Technology and Executive ManagementAssist RFT TCO and Technology Teams to ensure that RFT can engage effectively in support of all risk-based projects
§ Information security certifications (CISSP, CSSLP, CEH/CPT, CISM or related certifications) would be preferred
§ A graduate degree or equivalent experience in computer science is also required
§ Excellent written and verbal communication skills
§ Very strong data analysis, both quantitative and qualitative
§ Good reasoning and logic, problem solving and project management skills
§ Exposure to financial services systems and processes preferably in Investment Banking
§ Experience in working with diverse cross geography teams
§ Self motivated individual, comfortable working without close supervision and with ability to meet deadlines
§ Team player with proven ability to build strong cross-business relationships
§ Exposure to information security principles and relevant standards including Access Management, Change Management, Security Incidents and Business Continuity Management
§ Strong understanding of secure software development life cycle
§ Working knowledge of application assessment, application security vulnerabilities, code review methodologies, and secure coding practices
§ Exposure to information security vulnerability concepts, issues and mitigation methods
§ Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
§ Working knowledge of software penetration testing, secure code review, architectural risk assessment, static code analysis
§ Exposure to automated application security-related tools such as AppScan, Fortify, QualysGuard and other commercial and open source tools
§ Exposure to manual assessment tools such as HTTP Proxies, browser plug-ins, automation scripts, etc.
§ Experience in a similar role
§ Experience of technology projects and/or the RFT business a plus
Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.
The firm invites all interested and qualified candidates to apply for employment opportunities.
If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.