Apply Now    

VP Global Cyber Security Audit – Penetration Testing

Job Description

The JP Morgan Chase Audit Department is accountable to the Audit Committee of the Board of Directors, the Executive Committee, the Office of the Chairman, senior management and the firm's regulators. The global Internal Audit Department has approximately 1,000 auditors. As one of the key control functions in JPMorgan Chase & Co, the Internal Audit Department is an independent assessment function established to evaluate, test, and report on the adequacy and effectiveness of management systems of internal controls.
The Enterprise Technology Audit group provides global audit coverage for multiple technology organizations within JPMorgan Chase that include Global Technology Infrastructure (GTI), Corporate Technology & Risk and Global Cybersecurity. These businesses deliver a wide range of technology services for the firm globally and partners with all lines of businesses. In particular, the Global Cybersecurity business is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally.
Position Description:
The Cybersecurity Internal Audit Team is looking for an experienced cybersecurity professional with extensive experience of penetration testing/ethical hacking who would like to work in a challenging, hands-on, fast paced environment utilizing their existing core cyber skills while building audit and risk management capabilities. This position is ideal for a seasoned cyber professional who would like to broaden their skills and bridge the gap between deep technical knowledge and senior management engagement, strategy and risk management. The position will partner with team members and auditors in other business areas to develop risk and control assessments through audit activities for leading cyber services and information security technologies. The position is a New York based role reporting to the Cybersecurity Audit Team Lead.
  • Participate in all aspects of audit activities including risk assessments, planning, testing, evaluation, report creation, documentation, and determining effectiveness of risk mitigation plans across the Global Cybersecurity business.
  • Establish strong relationships with senior Global Cybersecurity leadership, related controls groups and business auditors.
  • Provide audit coverage of the key controls supporting cybersecurity with specific focus on penetration testing/ethical hacking processes.
  • Assist in the development and analysis of key metrics to identify trends in cybersecurity.
  • Partner with colleagues, stakeholders and control community members to evaluate, test and report on the adequacy and effectiveness of controls in relation to associated cybersecurity risks.  This may be achieved through specific audit reviews or direct participation in key cybersecurity projects.
  • Share knowledge, techniques and toolsets with colleagues within the team to build proficiency in the Cybersecurity Audit Team
  • Up to approximately 15% travel required.
10 or more years of total work experience, with at least 8 years in IT Security, Cybersecurity or Audit and significant hands-on experience with ethical hacking/penetration testing or Red Teaming.
Required Qualifications
  • Good understanding of defense-in-depth principles and network security architecture plus knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Experience with general attack stages (e.g. footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Solid comprehension of data protection strategies, network and system vulnerabilities, Security Information and Event Management (SIEM), malware, emerging threats, attacks, and vulnerability management.
  • Experience with network protocols (e.g. Transmission Control Protocol and Internet Protocol (TCP/IP), Dynamic Host Configuration Protocol (DHCP) and directory services e.g. Domain Name System (DNS)) and common network tools (e.g. ping, traceroute, nslookup).
  • Knowledge of Unix command line (e.g. mkdir, mv, ls, passwd, grep) and Windows command line (e.g. ipconfig, netstat, dir, nbtstat).
  • Knowledge of penetration testing principles, techniques and tools (e.g. AppScan, Web Inspect, Burp Suite, Nessus, Nmap, Metasploit, viaLab and CANVAS).
  • Familiarity with vulnerability scanning tools such as Tripwire IP360, QualysGuard, Retina desired.
Preferred Qualifications
  • Computer Science or related technical degree from an accredited institution.
  • Minimum of one relevant professional certification- (CISSP, MCSD, GIAC, or CEH preferred).
People/Communication skills
  • Enthusiastic, self-motivated, willing to be challenged and take personal responsibility.
  • Effective verbal and written communication skills.
  • Ability to build strong partnerships across the technology and business teams.
  • Ability to multitask and execute audit activities with minimal supervision.
Req #: 160002227
Location: New York, NY US
Job Category: Accounting/Finance/Audit/Risk
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.

Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.