Information Security Management - Technology Development Control Domain (Associate)

Job Description Come join a small, focused, team helping to identify and enable technology controls for a key product at a major financial institution. We are looking for an energetic, technology-minded controls expert to help us drive technology development controls and provide risk and controls support for our technology development teams.
This Information Security Manager (ISM) role supports the Core Development product at JPMC, focusing in technology development and software security controls performance and compliance. In this role, you will support software engineering and application development teams in the design and implementation of firm-wide security controls across their products. As a ISM, you will also liaise and advise development teams with internal and external control assessments.
Responsibilities

• Identify, document, and report on technology risks and associated controls in your product area.
• Advise in the implementation technology controls to comply with global regulatory requirements.
• Act as a liaison between management, product owner, 2LOD and internal audit.
• Provide governance and oversight of technology risk and controls in partnership with LOB (Line of Business) technology executives, providing senior management with transparency on identified key risks, issue management and remediation activities.
• Proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps
• Provide strategic drive for engagement efficient and sustainable control improvements, including process enhancements and use of automated data collection techniques
• Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
• Collaborate with team members and stakeholders on firm-mandated, cross-LOB, and regional audits

Skills Required

• 3 or more years of experience in technology or IT risk management, preferably for financial institution and/or strong background in IT Risk Advisory
• Proficiency in information security domains, including policies and standards, risk and control governance and assessments, secure systems development lifecycle, access controls, regulatory compliance, technology resiliency, incident management, vulnerability management, and data protection.
• Demonstrated knowledge of technology and application risk and controls management as a practitioner
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Strong project management and execution skills for driving enterprise-wide risk initiatives
• Experience working with cloud computing environments and respective controls
• Experience with Agile delivery
• Strong analytical and problem-solving skills.
• Certifications such as CISSP, CISM, CRISC, CISA are preferred.

About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.