Job Description J.P. Morgan's Corporate & Investment Bank (CIB) is a global leader across Wholesale Payments, Markets, Security Services and Post Trade Technology. The world's most important corporations, governments and institutions entrust us with their business in more than 100 countries. With $18 trillion of assets under custody and $393 billion in deposits, the Corporate & Investment Bank provides strategic advice, raises capital, manages risk and extends liquidity in markets around the world.
The Cybersecurity & Technology Controls (CTC) group at JPMorgan Chase aligns the firm's cybersecurity, access management, technology controls and resiliency teams. The group proactively and strategically partners with Corporate Investment Bank, other lines of business and Corporate functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm and our client's data safe, stable and resilient.
The CIB CTC Wholesale Payments Information Security Manager will be responsible for managing the technology, operational and regulatory risks related to the Global Payments systems and Global Client Channels services. The Wholesale Payments ISM will be expected to work cohesively with other CTC and CIB control functions, including but not limited to software developers, business control managers, compliance, internal audit & external regulators.
Responsibilities: • Provide leadership to review, analyze impact of and implement technology controls to meet existing and new global regulatory requirements • Assist in the development and implementation of the Firm's technology policies, standards, procedures, control guidance and training• Evaluate technology risks across the various Payment flows, including application design, development, testing practices, as well as technology control design, operation and validation • Lead and participate in programs to evolve and improve the Wholesale Payments cybersecurity and technology control practices and control environments across CIB• Help to develop a risk and control culture focused on the pro-active awareness and improvement of the Wholesale Payments control environments• Provide governance and oversight of technology risk and controls in partnership with CIB Wholesale Payments technology executives, providing senior management with transparency on identified key risks, issue management and remediation activities• Develop and maintain strong business and technology relationships, becoming a trusted partner, as well as building relationships with corporate functions such as Audit, Compliance, Risk and Corporate IT Risk teams
Skills/Experience• Demonstrated knowledge of technology and application risk and controls management as a practitioner• Knowledge of various control frameworks (e.g., FFIEC, COBIT, NIST)• Experience in application security controls (design and/or execution)• Knowledge of Software Development Life Cycle, control requirements and compliance assessments• Strong project management and execution skills for driving enterprise-wide risk initiatives• Audit testing experience required• Excellent written, oral and presentation communication skills• Excellent interpersonal, negotiation and influencing skills• Proficient in the use of Microsoft Office• Knowledge of programming languages (e.g., C/C++, Java, Python) is a plus• Prior US government work experience is a plus• 7+ years' experience in technology or IT risk management, preferably for financial institution and/or strong background in IT Risk Advisory• US Citizenship required.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.