The Tech Control Manager is responsible for coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.
Role is part of the Cybersecurity & Technology Controls
The group is a risk partner and consultant to the Corporate Investment Bank
(CIB), accountable for driving control compliance with policies and standards and targeting prioritized solutions/architectures to reduce risk. We operate within a complex landscape driven by client expectations, the requirements of being a US Broker Dealer and the vastness/variety that comes with operating in 53 countries across the globe. Our thought leadership is required across broad spectrum of topics in support of CIBs businesses and technologists.
Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets. This role requires a wide variety of strengths and capabilities, including:
- Technology control management: candidate likely to have 7+ years technology experience to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager, security analyst.
- Govern and coordinate all relevant IT technology control activities, reporting and remediation of identified gaps and issue and measure effectiveness of technology controls in place.
- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
- Extensive experience with securing cloud(both Public and private), multitenant and Hybrid environments.
- Solid experience designing secure applications from the ground up (SDLC)
- Conduct manual, language agnostic code review to identify security related vulnerabilities
- Advanced knowledge of multiple IT control and project management practices and experience working across large environments
- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
- Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
- Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization.
- Strong leadership skills with exceptional communication and presence
- Bachelor's degree or equivalent experience
- Relevant technical qualifications such as MIRM, CRISC, CISM, CISA, CISSP, AWS Certified Security etc