Information Security Management - Governance, Risk and Controls

As an Information Security Manager at JPMorgan Chase within the Cybersecurity & Technology Controls organization, you aim to effectively identify, monitor, evaluate, and manage the firm's Technology and Cyber risks and controls, also including operational losses, material risk, regulatory changes, etc.

in support of the firm's strategic plan. We develop comprehensive processes to monitor, assess, and manage the risk of expected and unexpected events that may have an adverse impact on the firm.

Effective partnership with our customers executive management, business units, control departments and technology functions is critical for success.

The ideal candidate will have solid experience in Governance, Risk and Compliance and a proven track record in working on complex processes and technology projects in a regulated environment.

Our Information Security professionals are passionate about information security and control solutions for computing environments.

While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats.

You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm.

Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.

The Global Technology Risk, Operations and Controls group's function is a core part of the firm's Technology Governance, Risk and Compliance team within the Cybersecurity and Technology Controls organization Job Responsibilities : Governance oversight of Tech Control Assessment Programs Execution of Risk Management activities within the Tech Control Assessment Framework Partner with Tech Controls' Assessment Team and conduct independent Risk Management activities on control assessment scope and approach Manage and execute Regulatory, Audit and Compliance Engagements Support requests from Regulatory, Audit and Compliance Engagements impacting the GT Governance, Risk, and Compliance function Develop and maintain strong business and technology relationships, becoming a trusted partner with Global Technology Policies and Controls function, Control Domain function members, LOB Information Security Managers and Assessment and Assurance Program teams Communicate status updates to key stakeholders and senior management Provide accurate metrics and management reports on a timely basis Support and help drive control evaluation methodology and framework within Cyber and Technology Controls functionJob Requirements : Formal training or certification on technology risk concepts and 5+ years applied experience 5+ years of technology controls, risk-based consulting, risk assessments, audit and / or regulatory activities.

Experience with audit and / or technology risk assessment processes, and understanding of internal controls, and how they protect the firm and its clients Experience using industry best practice frameworks such as NIST, ISO, and ISACA Knowledge and experience with technology-relevant financial services regulations (e.

g., FFIEC handbooks, etc.) Good working knowledge of common & current information technology implementations Strong communication skills - both verbal and written - to tell an effective risk story Ability to collaborate with high-performing teams and individuals throughout the firm to influence outcomes and accomplish common goals Use data and metrics (e.

g., Key Risk Indicators) to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gapsPreferred Skills & Qualifications : Knowledge and experience Public and Private Cloud technologies Experience automating compliance related risk monitoring activities CISA, CISSP, CRISC or other industry-recognized risk / audit certifications preferred