Job Description

:

As a member of the CIB Technology Control Management team, you will join colleagues passionate about information security and control solutions for computing environments. You will partner with one or more disciplines, lines of business, regions, or locations to respond to evolving business requirements and emerging threats. This role engages in areas of development, design, and monitoring of corporate and global control programs, and acts as a liaison between management, technology, the business and internal audit. You will also leverage your expert knowledge of today\'s ever-changing cybersecurity and risk landscape to influence IT operations. Responsibilities include translating technology control requirements to measurable data, completing thematic analysis to identify compliance friction points and overseeing improvement program execution to remote those friction points from the ecosystem. Along the journey you will offer guidance, best practices, and support across businesses, lead root cause analysis reviews, surface control gaps, communicate with stakeholder and contribute to the governance framework.

The prime responsibilities of the Technology Control Management Team are to:

• Be able to work across multiple domains, building new agendas and workflows as the control ecosystem changes.
• Provide guidance and oversight to multiple projects across the team as required.
• Ensure projects stay aligned with the core objectives and re-baseline projects as needed if they become derailed.
• Escalate effectively to senior management related to risk of delivery or risks not correctly registered in systems of records.
• Be passionate about data, analyzing complex data sets to find trends and designing reports to drive process improvements.
• Contribute to effective risk & controls compliance by creating data-based, thematic analysis connecting several data sources in a repeatable, defensible manner.
• Be versatile and able to engage across a diverse technology and related controls landscape - experience working the technology development teams will be beneficial.
• Have a controls mindset and interpret controls so that application owners can understand the next right thing to do.
• Drive effective risk & controls management and support the technology teams - experience managing a technology controls landscape will be beneficial.
• Identify the root causes of control weaknesses and provide process and product improvement recommendations.
• Articulate the impact and associated risk reduction potential that could result from implementing identified improvement opportunities.
• Understand risk posed by controls lapsing and be able to prioritize and escalate to mitigate that risk exposure.
• Articulate the business impact and associated risk and educate stakeholders on proactive measures to remediate.
• Be customer focused and incorporate delighting customers with every result and delivery.
• Be a self-starter and a culture-carrier, able to complement fellow team members\' skill sets and contribute to a cohesive team environment.
• Be equally capable in verbal and written communication and contribute to the team\'s communication strategy.
• Engage with application development teams directly to understand \xe2\x80\x9cfit-for-purpose\xe2\x80\x9d gaps and drivers of inefficiency.
• Create guidance and quick start guides for execution gaps specific to the CIB line of business.
• Prepare management facing communication highlighting successes and challenges.
• Respond to direct customer requests and use individual customer feedback as an input to change analyses.

This role requires a wide variety of strengths and capabilities, including:

• Bachelor\'s degree or equivalent experience
• Managing and resolving requests to help application teams by conducting initial investigations and coordinating with subject matter experts to identify solutions.
• Maintaining and reviewing performance dashboards to identify trends and new focus areas to conduct root cause investigations.
• Conducting investigations and root cause analysis to define a recommendation.
• Designing responses and engagements for newly identified hot spots.
• Sharing root cause analysis results with other impacted teams to maximize the impact of the team.
• Keeping current on the controls and technology landscapes and updating job aids and knowledge articles as needed
• Proactively communicating to customers and stakeholders where action is needed.
• Collaborating with technology partners to develop controls findings remediation guidance to help customers quickly and effectively resolve security risks related to applications.
• Reflecting changes to technology and controls in a growing ServiceNow knowledge base to deliver just-in-time information to technology teams.
• Facilitating office hours for focus areas to bring customers and subject matter experts together.
• Contributing to governance forums to communicate accomplishments, risks and opportunities.
• Creating dashboards, decks and prototype reports to drive results and create transparency.
• Excellent data analysis skills including being able to use data to tell a compelling story highlighting improvement opportunities.
• Experience managing adherence to metric compliance thresholds and explaining deviations from expected performance levels.
• Familiarity with SQL, Excel, VBA, Tableau and preferably Python
• Ability to communicate idea and track governance using Confluence, Jira and PowerPoint
• Passionate about automating and creating seamless experiences for technologists to comply with controls.
• Strong written and verbal communication skills and ability to present results to stakeholders.
• Proven problem-solving skills to identify root cause of issues and propose solutions.
• Knowledge of multiple IT control and project management practices and experience working across large environments.
• Applicable working experience in multiple security domains (e.g., application security, Identity & access management, vulnerability reduction, data protection, encryption, logging and monitoring, network security).
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development .lifecycle, vulnerability management, and data protection.
• 3+ years of experience in Security and /or Risk Management and / or Corporate Technology with an aptitude in application and platform security.
• Preferable experience of Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
• Preferable experience with ServiceNow.
• preferable experience working with modern architectures like cloud computing. AWS certification a plus.
• Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC).

About Us: J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world\'s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants\' and employees\' religious practices and beliefs, as well as mental health or physical disability needs. Visit our for more information about requesting an accommodation.

About the Team: The Corporate & Investment Bank is a global leader across investment banking, wholesale payments, markets and securities services. The world\'s most important corporations, governments and institutions entrust us with their business in more than 100 countries. We provide strategic advice, raise capital, manage risk and extend liquidity in markets around the world.

JPMorgan Chase