The Information Security Manager (ISM) Governance, Risk & Controls Analyst will focus on recently acquired technology to identify applicable control requirements to protect and enable the business, assess control compliance and risk exposure, and manage risk exposure through prioritized risk treatment and remediation programs.
The candidate will also be expected to influence effective risk & control management practices, provide governance and support to technology businesses through risk consultancy, identification of control weaknesses and recommendations for improvement opportunities, as well as providing training and reporting of risk issues.
This includes:
Understand the firm's Cybersecurity and Technology Controls (CTC) control framework, as well as the framework and evaluation results of legacy policies, standards and controls.
Interpret corporate policies and regulatory requirements, inform technology teams on their applicable control requirements and advise on target state solutions to meet those control requirements
Analyze existing control evaluation results and execution of control evaluations to determine weaknesses in control design and/or effectiveness.
Consider impacting risk factors including compensating controls, impact and likelihood to determine severity of identified weaknesses.
Work with other ISMs, Heads of Technology (HoTs), Chief Technology Officers (CTOs) and their management teams to efficiently identify remediation actions, where necessary.
Influence and Drive control and supporting CTC product adoption within the organization for risk identification, treatment and control assessments and assurance.
Socialize change, model pro formas, and cascade communications within the organization
Liaise and oversee the delivery of services performed by CTC product teams
Design controls in partnership with the technology teams, including how to continuously measure its operating effectiveness, providing control implementation support and control validation
Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
Identify requirements needed for uplift, and identify critical challenges to achieving end-state operating model
Interface with Business Control Managers teams to ensure technology risk impacting the business is effectively tracked and communicated
Required Qualifications
This role requires a wide variety of strengths and capabilities, including:
7+ years of experience in risk, controls and/or audit role with solid understanding of technology.
Highly motivated team player with excellent analytical, written and verbal communication skills.
Ability to quickly analyze and understand technology policies, standards and procedures and identify areas of overlap and discrepancies across various control frameworks
Ability to apply various control frameworks (PCI, COBIT, ITIL, ISO, SOC, etc.) in practice.
Strong communication skills with ability to translate technical and non-technical jargon to commonly understood terminology.
Professional presence with ability to articulate technical risks in terms of business impact.
Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
Proven comfort working across large complex environments in virtual settings with ability to quickly acclimate.
Ability to understand CTC vision and strategy and translate into clear actionable goals, establish priorities and achieve measurable results.
Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection
Strong influencing skills, comfortable executing against recommendations and plans by overcoming barriers and resistance
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
