As a Technology Risk Assurance Lead at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, you'll have the opportunity to analyze, prioritize, communicate, and track information security findings generated by our internal cyber security assessment teams.
We're looking for someone who is eager to learn, able to absorb new knowledge, and can communicate risk impact in an approachable and audience-appropriate way. In this role, you'll play a key part in the continuous improvement of our findings management program. You'll collaborate across Risk Assurance teams, Cybersecurity Operations teams, and the wider business, streamlining processes, improving integration with our Governance, Risk and Compliance (GRC) function, and identifying trends and risk themes through the analysis of findings data.
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.
Required qualifications, capabilities and skills:
1. Formal training or certification in Information Security, and/or 5+ years of project management experience with demonstrated experience working on information security projects.
2. Gain experience with cybersecurity operations, common risk management processes, security architecture practices, security engineering, or vulnerability management.
3. Demonstrable knowledge across 2 or more of the following domains; Network Security Architecture/ Cloud Security Architecture Application Security / Penetration Testing / Red Teaming Development, Security, and Operations DEVSecOPS Governance, Risk and Compliance
4. Demonstrable ability to generate technical security reports that are adjusted for audience.
5. Ability to collaborate and communicate with a diverse range of stakeholders, of varying seniority, to effectively articulate risk and drive change.
6. Gain experience in Agile project management and with Agile tools/technology (., Atlassian Jira, Atlassian Confluence).
7. Understanding of offensive and defensive security tools/technologies, such as penetration testing and red team testing platforms, firewalls, IDS/IPS, Web Proxies, and DLP.
Preferred qualifications, capabilities and skills:
8. CISSP, CISM,CISA. Offensive Security (OSCP, OSEP, OSDA), SANS (GIAC, GPEN, GXPN, GWAPT)