JPMorgan Chase Technology Control Officer for Vulnerability Management in Columbus, Ohio
The Global Cybersecurity and Technology Controls (CTC) organization ensures the security and resiliency of the Firm’s computing environment, enabling it to protect customer and employee confidential information, and comply with regulatory and audit requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high-quality security solutions and services that are focused on improving the Firm's risk posture.
The Governance & Control (G&C) organization within CTC is seeking an accomplished and seasoned Technology Control Officer (TCO) to drive a robust risk and control environment, ensuring technology solutions comply with Firmwide risk, controls and regulatory requirements. The TCO will have a comprehensive understanding of the overall Vulnerability Management risk and control environment and instill appropriate governance to manage and proactively identify issues and changes in the risk profile of the underlying systems.
Drive a risk mitigating culture within Vulnerability Management aligned to proactively identify, assess, and manage inherent risks within technology and services.
Create and maintain Vulnerability Management related Policies, Standards and Procedures to keep them evergreen and ensure alignment with industry leading practices and regulatory requirements
Strengthen the control environment through education, collaboration, and oversight.
Drive effective risk mitigating controls designed, deployed, and monitored by the application owners, developers, and support teams.
Develop an integrated technology control framework maintaining the appropriate balance between risk mitigation, product growth, and financial returns.
Collaborate with Audit, Information Risk Management, business control functions, and the Vulnerability Management teams to drive transparent, measurable, and sustainable control improvements.
Partner closely with business and technology stakeholders providing clear direction and guidance to manage risks, driving control optimization, process efficiency, and improved client experience.
Proactively work with technology and product managers to identify potential issues and ensure effective remediation throughout the full Issue Management lifecycle
Provide leadership and advise on material remediation activities ensuring appropriate resolution of issues.
Active engagement in risk assessments and control substantiation.
Engage and partner with Product, Technology, Architecture and G&C teams to promote cross-functional relationships and foster collaborative approaches
Collaborate with Product, Technology and Architecture teams on Internal Audits, SSAE16, SOX, Operational Risk and Regulatory assessments.
Support Risk & Control Self-Assessment (RCSA) process ensuring issues and related action plans are timely documented, assigned, and resolved.
Ensure timely escalation of material issues to senior management.
4+ years of technology experience with Application & Infrastructure Security Assessments (e.g.: Penetration Testing, Dynamic Scanning) and Red Team Adversary Emulation
5+ years of technology security, risk, and audit experience.
Experience in business process analysis, documenting gaps and process standardizations.
Experience identifying strategic improvements and delivering measurable change.
Strong written and verbal communication skills.
Strong ability to articulate ideas and results in a meaningful and actionable manner
Flexible, adaptable to shifting priorities; eagerness to work in a fast-paced, results driven, highly dynamic environment
Experience working with geographically dispersed and culturally diverse teams.
Proficient with multiple technologies and architectural design principles.
Proven ability to build strong partnerships with colleagues, desire to learn quickly, be flexible and think strategically
Demonstrated analytical and problem solving skills.
Strong organizational skills with ability to effectively multitask.
Strong interpersonal skills, exceptional relationship building and influencing skills and ability to effectively partner with all levels of management across numerous teams to help drive the control agenda
Familiarity with industry-recognized frameworks (e.g., COBIT, FFIEC CAT, NIST CSF)
Certifications such as CEH, LPT, CISSP, CISM and CRISC are preferred.
Bachelor’s degree, specialized training, or equivalent work experience.
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.
When you work at JPMorgan Chase & Company, you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 40,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, Cyber security, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Company we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies around the world, we want to meet you.
JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.