Social network you want to login/join with:
Vice President - Third-Party Cybersecurity Assessor
Location: null, Ireland
Job Category:
Other
EU work permit required:
Yes
Job Reference:
317e05ad8953
Job Views:
179
Posted:
03.03.2025
Expiry Date:
17.04.2025
Job Description:
The Cybersecurity and Technology Controls Assurance organisation is comprised of highly skilled and passionate cybersecurity professionals whose mission is to create a shared understanding of firmwide tech, data and cyber risk enabling our business and customers to make risk-informed decisions.
As a Vice President - Third-Party Cybersecurity Assessor within the Cybersecurity and Technology Controls Assurance organisation, you will play a crucial role in assessing the health and security of JPMC’s Third-Party suppliers. You will identify risks and gaps in their control maturity, evaluate suppliers’ infrastructure, application and control environments, and provide transparency into the cyber resilience, recoverability and operational/data risks associated with key relationships. This role offers the opportunity to engage with a variety of stakeholders, requiring excellent leadership skills and the ability to navigate complex organisations. Your work will have a critical impact on our company, as well as our clients and our business partners around the world.
Job responsibilities:
* Partner effectively with third-party SMEs to conduct detailed evaluations of security controls and practices to identify and articulate risks and gaps in security posture to key stakeholders.
* Assess suppliers' compliance with cybersecurity standards and exposure to industry risks, providing insights into corrective actions and mitigations that will help to strengthen cyber resilience.
* Identify opportunities for process improvement throughout the assessment lifecycle, delivering operational efficiencies and improving supplier assurance.
* Provide guidance and advice to Business, Technology, and Third-Party supplier groups on cybersecurity best practices.
* Support the development of supplier risk metrics to articulate the efficacy of suppliers' security arrangements.
* Participate in thematic analysis, identifying trends/common issues in supplier security posture.
* Partner with Product Security, Tech Risk & Controls, and Risk Pillar leads to raise awareness and drive improvements in Third-Party control implementations.
* Develop and deliver education/best practices with peers and colleagues, as well as third parties.
* Escalate issues associated with suppliers as needed.
Required qualifications, capabilities, and skills:
* Minimum of 3 years relevant experience in cybersecurity in either control delivery, operations, or assessment capabilities.
* Deep understanding of key cybersecurity principles and control implementations that mitigate common threat actor techniques (Email, Network, Endpoint, Resiliency & Recovery (including response plans), Monitoring, End User Awareness, vulnerability management, Identity and Access Management).
* Understanding of industry risk frameworks (ISO27001, NIST Cybersecurity Framework).
* Ability to clearly translate and communicate cyber risk via written, verbal, and presentation formats to a variety of stakeholders in Cyber, Technology, and the Business.
* Able to collaborate and navigate organizational levels/boundaries to develop improvement plans and recommended mitigations.
* Highly analytical, tenacious, and inquisitive mindset.
* Self-starter with drive to deliver results and continuous improvement mindset.
* Process engineering and re-engineering skills.
Preferred qualifications, capabilities, and skills:
* CISSP, CISA, CISM, CCSP, or CRISC certification is a plus.
* Background in Product Security, Incident Response, Technology/Cyber Audit.
#J-18808-Ljbffr