Job Description:

Our senior leaders in Cyber Security & Technology Controls (CTC) Global Technology Resiliency (GTR) are passionate experts in technology resiliency and recovery, crisis management, risk analysis, and control solutions. Our purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. Execution and delivery is achieved through active collaboration with other control areas (Cyber Security Technology Control Organization, Global Technology Infrastructure, Global Supplier Services, Lines of Business, Risk Management, and Cloud Enablement Team) to safeguard and protect the firm's assets.

In this Vice President (VP) role, as a part of the Critical Infrastructure and Third Party Resilience Team, you will report to the Global Lead for Critical Infrastructure and Third Party Resilience, and focus on Firm Wide Technology Resilience. You will partner with a team of experts across all lines of technology and business to help ensure the Firm's compliance with global laws and regulations as they relate to resiliency risk and improve the availability and resiliency capabilities of our critical business services, applications, and infrastructure for JPMC and our Third Parties. Execution and delivery is achieved through active collaboration with multiple teams to safeguard and protect the Firm's assets.

The ideal candidate must possess strong leadership skills and demonstrated success in managing risk, and resilience topics across matrix teams, driving multiple complex and large scale initiatives. The individual must be extremely disciplined and organized, yet comfortable in a rapidly changing, dynamic environment. A high energy, fast paced, results driven, "roll-up your sleeves" attitude, and commitment to success are essential. Strong verbal and written communication skills, as well as, experience presenting and influencing senior managers are a must.

The VP, Critical Infrastructure, Third Party Resiliency Technical lead will be responsible for prioritizing the Critical Infrastructure and Third Party assets to the firm and driving security, and controls solutions, developing real life scenarios, directing and participating in testing, table-tops, exercise, incorporating lessons learned, and applying solutions where gaps exist. This new Team works across JPMC with Critical Infrastructure internal and external stakeholders to build a new program focused on bringing attention to issues and managing risk for the firm. The Team focuses on Resilience by Design at the onset of a relationship to ensure sound practices are in place during on-boarding, through validation of supplier contracts, and their periodic assessments. The team then forms readiness plans to govern Third Party applications and services that are critical to the firm. Additionally, participating in supplier incident reviews and improvements is key, therefore a strong understanding of Cyber Security practices is also essential in understanding partner infrastructure, networks, and challenges.

The successful candidate will be a strong technologist who is flexible, resilient, an innovative thinker, as well as a natural collaborator with program managers, security architects, engineers, developers and senior management from across the organization. This Technical Lead is expected to lead through influence, communicate effectively through clarity of thought and demonstrated understanding of business and technical requirements. In addition the candidate must possess strong technical leadership skills and demonstrated success in working with teams particularly in a matrix fashion.

High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

Key Objectives:

VP Critical Infrastructure, Third Party Resilience - Position Expectations:

• Understand and identify technology resiliency risks to JPMC Critical Infrastructure and our Third Party Suppliers, develop and document mitigation action plans through to resolution
• Coordinate and collaborate with the Lines of Business (LOBs) to understand risks, criticality of services, and applications. Team to ensure efforts are in sync and create solutions for improvement for all.
• Develop and ensure adherence to internal policies and procedures, technology control standards, and applicable regulatory guidelines for Critical Infrastructure and Third Party
• Participate in Regulatory meetings with a focus on Critical Infrastructure and Third Party to drive solutions that will benefit JPMC. A comprehensive knowledge of global Third Party risk regulatory requirements and industry standard risk frameworks is a must. Expected to be able to communicate effectively with internal / external audit, risk managers and regulators both verbally and written in a variety of situations, including one to one, committee meetings and formal presentations, if needed
• Develop automated and data driven proactive readiness to improve supplier resiliency for the firm, and an approach to resiliency that will ensure applications are initially designed and evergreen in a resilient manner
• Automate and streamline technology availability and disaster recovery test planning, execution and reporting processes for Third Party
• Develop technology resiliency risk reporting, including metrics, scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes. Help to create where there are gaps in the development of new reporting dashboards, and other capabilities for Critical Infrastructure and Third Party in order to automate and effectively understand gaps and breaks
• Understand the firms Critical Infrastructure dependencies, partner with stakeholders to work towards consolidated and automated solutions for predicting and preventing crisis, and implementing resilient controls
• Participate in Supplier cyber incident management through having a sound understanding of Cyber Security frameworks and cyber incident management tactics
• Influence behavior to reduce risk and foster a strong technology resilience management culture throughout the enterprise
• Partner with GTR colleagues to leverage lessons to implement consistent approaches proactively develop regional initiatives

• Demonstrate a positive, visible, and collaborative approach to leadership, where team accomplishments are celebrated and rewarded, and everyone's talents are respected and embraced.

This role requires a wide variety of strengths and capabilities, including:

Skills and Characteristics

• 6 - 8 years of experience in one or more Cybersecurity or Technology Controls (ITIL, COSO, NIST, COBIT) disciplines including global operations delivery preferably in the Financial Services Industry.
• 6 - 8 years of experience in information technology risk management, third party risk management including risk identification, classification, and remediation.
• 6 - 8 years of experience in Business Continuity Management/Planning
• 2 - 4 years of exposure to program management processes. Recent exposure to Agile concepts and tools like JIRA and Confluence also preferred.

• Prior experience in disaster and/or cyber recovery planning and testing would be advantageous

• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection

• Extensive experience in working with regional teams, building and leading high-performance teams
• Bachelor's Degree Required, Master's Degree Preferred.
• Possessing one or more Information Security certifications is a bonus, such as CISSP, CISA, CISM, CSSP, or CRISC is a plus.

• Ability to keep abreast with latest threats, attacking techniques and mitigating strategies.

• Experience debating issues and topics with senior decision makers
• Strong written and verbal presentation skills at the senior management level across various business groups.
• Ability to translate detailed technical requirements into clear and concise risk descriptions and control expectations
• Ability to drive consensus and navigate diverse requirements and priorities
• Flexible and adaptive; strong relationship building and influencing skills
• Strong logical, analytical and quantitative mind-set and skills
• Technically curious and self-educator
• Ability to navigate ambiguity

Preferred

• Prior experience in disaster and/or cyber recovery planning and testing

• Frontline business experience (e.g. Investment Banking, Asset Management, Private Banking)
• Critical Infrastructure Protection / Defense experience
• Experience in managing regulatory responses
• Experience of business continuity management and planning
• Knowledge of industry best practice(s)
• Proficient with MS Office toolset, with advance Excel experience a must
• Experience in working with geographically distributed and culturally diverse stakeholders
• Enthusiastic, self motivated, effective under pressure

About Us

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/VeteransJPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/Veterans

Apply Now