Cybersecurity & Technology Controls - Audit Associate
Req #: 190022943
Location: Plano, TX, US
Job Category: Accounting/Finance/Audit/Risk
J.P. Morgan is a leader in asset management, investment banking, private banking, treasury and securities services, and commercial banking. Today, the firm serves one of the largest client franchises in the world, including corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. Department: The JPMorgan Chase Audit Department is accountable to the Audit Committee of the Board of Directors, the Executive Committee, the Office of the Chairman, senior management and the firm's regulators.
The Internal Audit Department has over 1,000 auditors globally. As one of the key control functions in JP Morgan Chase & Co, the Audit Department is an independent assessment function established to evaluate, test, and report on the adequacy and effectiveness of management systems of internal controls. The Enterprise Technology group provides global audit coverage for multiple technology organizations within JPMorgan Chase including Cybersecurity &Technology Controls (CTC), Global Technology Infrastructure (GTI), and Corporate Technology (CT). These businesses deliver a wide range of technology services for the firm globally and partners with all lines of businesses. In addition, they ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally.
This position is for an Associate-level Auditor within the Enterprise Technology audit group and will be responsible for performing and leading Cybersecurity & Technology Controls audits in a fast paced environment. This position will also be responsible for partnering with team members and auditors in other business areas to develop risk and control assessments through audit activities for information security technologies. This position is ideal for an individual that has knowledge of various technologies, operating systems, databases, network components and some of the basic principles of cybersecurity. As well as technology processes and audit and risk skills to be able to effectively lead global audits.
Responsibilities of this role will include:
* Participating as well as leading technology audits covering centralized access management functions, in addition to focused areas of cybersecurity such as digital forensics, threat intelligence or red team/penetration testing as well as more general IT process reviews within cybersecurity.
* Monitoring various major cybersecurity development initiatives, and performing continuous risk assessments of coverage areas.
* Participate in all aspects of audit activities including risk assessments, planning, testing, control evaluation, workpaper documentation, report drafting, issue clearance with cybersecurity and access management stakeholders, and follow-up/verification of issue closure.
* In addition, the candidate will develop cybersecurity and technology controls stakeholder relationships as well as partner with Audit team members in other business areas (e.g. Corporate & Investment Bank, Consumer & Community Banking, etc.) to ensure the delivery of a seamless program of control and audit risk coverage.
* To be considered for this role, you may be required to complete a video interview powered by Hirevue
* At least 2 years of technology, audit, or risk experience
* Bachelor's degree in Technology or related field
* Experience with technology infrastructure risk and controls, including administration of Network, O/S (Windows or Linux/Unix), Cloud, Database, Mainframe, and/or Middleware security control reviews
* Knowledge of cybersecurity controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools and toolsets e.g. Kali, Backtrack, Nethunter
* Enthusiastic, self-motivated, willing to be challenged and take personal responsibility
* Excellent verbal and written communication skills
* Ability to build strong partnerships across the technology and business teams
* Ability to multitask and execute audit activities with minimal supervision
* A relevant information security or cybersecurity professional certification is a bonus e.g. CISM, CISSP, CEH, GIAC, MCSE/MCSA, CCNA, CCNP
About JPMorgan Chase
JP Morgan Chase is a financial services provider that offers investment banking, asset management, treasury, and other services.