Beginning on Friday, May 15 at 6:00 p.m. ET/ 11:00 p.m. BST/ May 16 at 3:30 a.m. IST/ 6:00 a.m. HKT and extending through
May 31, the opportunities page will be unavailable to search and apply for jobs as we work to improve your experience.

Apply Now    

Information Risk Analyst

Job Description

Description – Internal:
Cyber Security Engineer - RFT – Risk & Finance Technology
 
Continual enhancement of the confidentiality, integrity and availability of data and systems through a robust information security agenda is a key strategic objective of JP Morgan Chase. Cyber Security and Identity & Access Management are growing areas with significant senior management support. A number of work streams, programs and projects are planned to further enhance the security and controls across the company. Strong information security team members are required to support this objective.
 
Job Description:
The CISO organization within Risk & Finance Technology is looking for a strong security engineer to join Security Operations.  The Security Operations team coordinates closely with Cyber Security and all other lines of business to develop firm-wide projects and priorities and works with Risk & Finance Technology on implementation.  The team provides central support and in depth knowledge in the areas of Application Security, Vulnerability Remediation, Threat Modeling and Data Protection.  The team manages the firm-wide Data Loss Prevention functions and coordinates the SSC and ASC programs.
 
The successful candidate will be responsible for working within one of the highest growth areas within JP Morgan Chase.
 
The candidate will support the development and ongoing assessment of information security across JP Morgan Chase. The role supports both technology and the business in providing end to end security to ensure first class security capabilities. The role will support the broad spectrum of information security responsibilities from strategy development, ongoing security assessments and risk analysis to improve security capabilities.
 
The ideal candidate would be able to demonstrate a sound understanding of Cyber Security, Operational Risk, Information Security, and have experience in financial services and/or consulting.
 
The role will be part of the RFT Chief Information Security Office and will be based in Hyderabad.
 
Key Responsibilities:
  • Provide SME in Risk Management, Application Security and Vulnerability Management in RFT
  • Project Engagement – SME support for Technology, IRM and Cyber Security teams to assist in application security assessment through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities and providing remediation guidance
  • Monitor and enhance controls around the key scanning processes employed by the firm e.g. Black Duck, SSAP Static, Dynamic & Threat Modelling
  • Partner with AD Managers and Application Security Champions to obtain remediation plans for vulnerabilities identified by the scanning processes
  • Evaluate tollgate requests to ensure new application code being released does not introduce vulnerabilities into the production environment
  • Participate in firm-wide initiatives and projects to communicate enhanced controls and scanning requirement to the AD community in Asia
  • Participate in the production of weekly and monthly metrics 
  • Partner with AD teams to ensure application level reference data is accurately reflected on firm wide systems
  • Develop and enhance existing controls around application scanning
  • Assist RFT IRM and Technology Teams to ensure that RFT can engage effectively in support of all risk-based projects
 
Qualifications - Internal:
Key Skills/Qualifications:
  • A graduate degree or equivalent experience in Computer Science is required
  • Information Security Certifications (CISSP, CSSLP, CEH/CPT or related certifications) preferred
  • Excellent written and verbal communication skills
  • Very strong data analysis, both quantitative and qualitative
  • Good reasoning and logic, problem solving, project management skills
  • Exposure to financial services systems and processes preferably in Investment Banking
  • Experience in working with diverse cross geography teams
  • Self-motivated individual, comfortable working without close supervision and with ability to work to deadlines
  • Team player with proven ability to build strong cross-business relationships
  • Exposure to Information Security Principles and relevant standards, including Access Management, Change Management, Security Incidents and Business Continuity Management.
  • Strong understanding of Secure Software Development Life Cycle
  • Working knowledge of application assessment, application security vulnerabilities, code review methodologies, and secure coding practices
  • Exposure to information security vulnerability concepts, issues and mitigation methods
  • Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
  • Working knowledge of software penetration testing, secure code review, architectural risk assessment, static code analysis
  • Exposure to manual assessment tools such as HTTP Proxies, browser plug-ins, automation scripts, etc.
  • Experience in a similar risk role
  • Experience of technology projects and/or the RFT business a plus
Description – Internal:
Cyber Security Engineer - RFT – Risk & Finance Technology
 
Continual enhancement of the confidentiality, integrity and availability of data and systems through a robust information security agenda is a key strategic objective of JP Morgan Chase. Cyber Security and Identity & Access Management are growing areas with significant senior management support. A number of work streams, programs and projects are planned to further enhance the security and controls across the company. Strong information security team members are required to support this objective.
 
Job Description:
The CISO organization within Risk & Finance Technology is looking for a strong security engineer to join Security Operations.  The Security Operations team coordinates closely with Cyber Security and all other lines of business to develop firm-wide projects and priorities and works with Risk & Finance Technology on implementation.  The team provides central support and in depth knowledge in the areas of Application Security, Vulnerability Remediation, Threat Modeling and Data Protection.  The team manages the firm-wide Data Loss Prevention functions and coordinates the SSC and ASC programs.
 
The successful candidate will be responsible for working within one of the highest growth areas within JP Morgan Chase.
 
The candidate will support the development and ongoing assessment of information security across JP Morgan Chase. The role supports both technology and the business in providing end to end security to ensure first class security capabilities. The role will support the broad spectrum of information security responsibilities from strategy development, ongoing security assessments and risk analysis to improve security capabilities.
 
The ideal candidate would be able to demonstrate a sound understanding of Cyber Security, Operational Risk, Information Security, and have experience in financial services and/or consulting.
 
The role will be part of the RFT Chief Information Security Office and will be based in Hyderabad.
 
Key Responsibilities:
  • Provide SME in Risk Management, Application Security and Vulnerability Management in RFT
  • Project Engagement – SME support for Technology, IRM and Cyber Security teams to assist in application security assessment through the use of automated tools and manual techniques to identify and verify exposure to common security vulnerabilities and providing remediation guidance
  • Monitor and enhance controls around the key scanning processes employed by the firm e.g. Black Duck, SSAP Static, Dynamic & Threat Modelling
  • Partner with AD Managers and Application Security Champions to obtain remediation plans for vulnerabilities identified by the scanning processes
  • Evaluate tollgate requests to ensure new application code being released does not introduce vulnerabilities into the production environment
  • Participate in firm-wide initiatives and projects to communicate enhanced controls and scanning requirement to the AD community in Asia
  • Participate in the production of weekly and monthly metrics 
  • Partner with AD teams to ensure application level reference data is accurately reflected on firm wide systems
  • Develop and enhance existing controls around application scanning
  • Assist RFT IRM and Technology Teams to ensure that RFT can engage effectively in support of all risk-based projects
 
Qualifications - Internal:
Key Skills/Qualifications:
  • A graduate degree or equivalent experience in Computer Science is required
  • Information Security Certifications (CISSP, CSSLP, CEH/CPT or related certifications) preferred
  • Excellent written and verbal communication skills
  • Very strong data analysis, both quantitative and qualitative
  • Good reasoning and logic, problem solving, project management skills
  • Exposure to financial services systems and processes preferably in Investment Banking
  • Experience in working with diverse cross geography teams
  • Self-motivated individual, comfortable working without close supervision and with ability to work to deadlines
  • Team player with proven ability to build strong cross-business relationships
  • Exposure to Information Security Principles and relevant standards, including Access Management, Change Management, Security Incidents and Business Continuity Management.
  • Strong understanding of Secure Software Development Life Cycle
  • Working knowledge of application assessment, application security vulnerabilities, code review methodologies, and secure coding practices
  • Exposure to information security vulnerability concepts, issues and mitigation methods
  • Understanding of OWASP security concepts and common application security risks, such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
  • Working knowledge of software penetration testing, secure code review, architectural risk assessment, static code analysis
  • Exposure to manual assessment tools such as HTTP Proxies, browser plug-ins, automation scripts, etc.
  • Experience in a similar risk role
  • Experience of technology projects and/or the RFT business a plus
Req #: 160039134
Location: Hyderabad, AP IN
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 35000 Indian Rupee (INR)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.


Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.