Apply Now    

Cybersecurity Internal Audit

Job Description

The JP Morgan Chase Audit Department is accountable to the Audit Committee of the Board of Directors, the Executive Committee, the Office of the Chairman, senior management and the firm's regulators. The global Internal Audit Department has approximately 1,000 auditors. As one of the key control functions in JPMorgan Chase & Co, the Internal Audit Department is an independent assessment function established to evaluate, test, and report on the adequacy and effectiveness of management systems of internal controls.
The Enterprise Technology Audit group provides global audit coverage for multiple technology organizations within JPMorgan Chase that include Global Technology Infrastructure (GTI), Corporate Technology & Risk and Global Cybersecurity. These businesses deliver a wide range of technology services for the firm globally and partners with all lines of businesses. In particular, the Global Cybersecurity business is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally.
Position Description:
The Cybersecurity Internal Audit Team is looking for a cybersecurity professional with strong cybersecurity experience who would like to work in a challenging, hands-on, fast paced environment while continuing to develop their existing core cyber skills and building audit and risk management capabilities. This position is ideal for a cyber professional who would like to broaden their skills and bridge the gap between deep technical knowledge and senior management engagement, strategy and risk management. The position will partner with team members and auditors in other business areas to develop risk and control assessments through audit activities for leading cyber services and information security technologies. The position is a New York based role reporting to the Cybersecurity Audit Team Lead and the successful candidate will be required to participate in teams evaluating all areas of cybersecurity including Threat Intelligence, Digital Forensics, Ethical Hacking, Application Security and End Point Security.
  • Participate in all aspects of audit activities including risk assessments, planning, testing, evaluation, report creation, documentation, and determining effectiveness of risk mitigation plans across the Global Cybersecurity business.
  • Establish strong relationships with Global Cybersecurity leadership, related controls groups and business auditors.
  • Provide audit coverage of the key controls supporting cybersecurity across all areas including Security Operations, Vulnerability Assessments, Threat and Attack Analysis, Forensics, and Ethical Hacking.
  • Assist in the development and analysis of key metrics to identify trends in cybersecurity.
  • Partner with colleagues, stakeholders and control community members to evaluate, test and report on the adequacy and effectiveness of controls in relation to associated cybersecurity risks.  This may be achieved through specific audit reviews or direct participation in key cybersecurity projects.
  • Share knowledge, techniques and toolsets with colleagues within the team to build proficiency in the Cybersecurity Audit Team
  • Up to approximately 15% travel required.
5 or more years of total work experience in Cybersecurity with hands-on experience in one or more specific areas e.g. threat intelligence, ethical hacking/penetration testing, red teaming, digital forensics, cybersecurity incident response etc.
Required Qualifications
  • Good understanding of defense-in-depth principles and network security architecture plus knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  • Experience with general attack stages (e.g. footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of networking protocols, packet analysis and familiarity with cryptography.
  • Understanding of software-related information technology (IT) security principles and methods (e.g. modularization, layering, abstraction, data hiding, implicity/minimization, firewalls, demilitarized zones, and encryption).
  • Knowledge of common computing platforms and databases including Unix, Windows, and Oracle.
  • Experience with Intrusion Detection/Prevention System (IDS/IPS) tools and applications.
  • Understanding of computer forensic practices and industry standard methodologies for investigating network threats.
Preferred Qualifications
  • Computer Science or related technical degree from an accredited institution.
  • Minimum of one relevant professional certification (CISSP, MCSD, GIAC, CCE, GCFE, CFCE or CEH preferred).
  • Memberships and participation in relevant professional associations.
People/Communication skills
  • Enthusiastic, self-motivated, willing to be challenged and take personal responsibility.
  • Effective verbal and written communication skills.
  • Ability to build strong partnerships across the technology and business teams.
  • Ability to multitask and execute audit activities with minimal supervision.


Req #: 160002235
Location: New York, NY US
Job Category: Accounting/Finance/Audit/Risk
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.

Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.