Corporate - Technology Operational Risk Management - Cybersecurity Engineer - Executive Director Jpmorgan Chase & Co.
New York, NY

Job Description

Corporate - Technology Operational Risk Management - Cybersecurity Engineer - Executive Director

Req #: 190023558

Location: New York, NY, US

Job Category: Accounting/Finance/Audit/Risk

Job Description:

The Technology& Cybersecurity Operational Risk Management (Tech & Cyber ORM) is a firm-wide group within Risk Management with oversight responsibility for the implementation of the JPMC Operational Risk Management Framework (ORMF) for Global Technology and Cybersecurity. Tech & Cyber ORM provides an independent view of Technology& Cyber risks to the firm's management and Board of Directors.

Technology & Cybersecurity Operational Risk Management - Cybersecurity Engineer

The Cybersecurity Engineer within Operational Risk Management is responsible for the identification, monitoring, testing, and governance of cybersecurity processes and controls risks inherent in JPMorgan Chase technology environment. This position will be highly engaged with the firm-wide Cybersecurity team who provides high quality security solutions to detect and monitor for threats and vulnerabilities and manage security incidents to keep ahead of threats.

We are looking for a multi-disciplined forward-looking technologist with diverse backgrounds and experiences including in areas such as cybersecurity, big data, compliance and oversight, cloud security, cryptography, rights management, networking technologies (e.g Cisco, Bluecoat, Juniper), and data security architectures. Knowledge of emerging technical trends and cyber threats will be required.

The successful candidate will use experience and leadership skills to give guidance and best practice advice across the Cybersecurity discipline. He/she will lead significant event reviews, risk assessments, and perform monitoring of cybersecurity controls. Written and verbal communication of results of risk assessments will be provided by the Cybersecurity Engineer to management, executive directors, managing directors and stakeholders. The role requires a strong self-starter who can understand program objectives, understand mitigating cybersecurity controls using a logical to independently assess the control environment.

Key responsibilities include:

* Perform deep inspection of specific technologies in targeted processes or firm-wide evaluation.


* Keep abreast of current cyber trends, vulnerabilities, and emerging technologies.


* Engage with cyber teams to gain full understanding of cybersecurity and control environment.


* Perform significant event reviews.


* Independently assess technology risk management and controls across the bank


* Understand third party risks as related to specific technology area of expertise.


* Risk assessment of the impact of threats and vulnerabilities on JPMC technology portfolio.


* Coordination and key participation in the development of the evolving risk position of new technology. For each of the technology areas in focus, this person will be charged with escalating and tracking the individual risk items.


* Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet JPMC policy, regulatory requirements, and industry best practices.


* Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis. Investigate Operational Risk events meeting selection criteria; assist LOB OROs in determining the appropriate consideration of technology risk management and risk events.


* Participate in key portfolio governance forums.


* Provide feedback and coordination with the application risk assessment process.


* Identify risk measures and thresholds for monitoring key risk cybersecurity controls.


* BS/BA degree in computer science or equivalent experience.


* 7+ years or more proven experience in technology development, engineering or technical architecture with financial services experience


* Working knowledge and interest of current and emerging technologies


* Knowledge of Cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities, including incident response methodologies


* Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals


* Demonstrated verbal and written communication skills and excellent analytical skills


* Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required.


* Track record of collaboration and relationship building


* Proven ability to anticipate and identify risks and effective mitigants


* Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices


* Proven track record of taking ideas forward without supervision and challenging others, where appropriate


* Adept at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks


* Highly disciplined, able to work with limited supervision and make independent decisions


* Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results


* High level of professionalism, self-motivation, and sense of urgency