What you'd actually do

Drive and perform end to end quality review of Third-Party Assessment as per Process Assurance process in line with the operational procedures and standards.

Assist the execution of the Assessments and control documentation as per standards, ensuring appropriate documentation and in compliance with program guidelines and standards. Also, challenging information provided to support the control design and operating effectiveness for TPRM Controls and escalate areas of concern and non-compliance to upper management.

Identify trends, common quality issues and partner with supplier control assessment operations to enhance quality of supplier control assessments.

Develop and deliver education/best practices with peers and colleagues, as well as global hubs and actively participate in strategic and tactical initiatives for global operations. Interfacing with regional hubs/operational leads and support for governance policies and program initiatives implementation.

Contribute to and follow-up of internal and external audits or any regulatory initiatives regarding Third Party Oversight where required.

Identify opportunities for automation opportunities and leveraging Artificial Intelligence for process improvement to deliver operational efficiency in the process.

Support administration updates for the firm's supplier assessment system of record and support for various record hygiene related tasks.

Skills

Required

Technology Risk & Controls
Technology Audit
Cybersecurity
Application Security
Cloud Security (SaaS, PaaS & IaaS)
Network Security
Cyber Resiliency
Third Party Outsourcing Risk Management
Supplier Management
Risk and Controls Management
Information Security
written and verbal presentation skills at the senior management level

Nice to have

CISSP
CISA
CISM
CCSP
CRISC certification

The Supplier Assurance Services (SAS) team performs comprehensive risk assessments of suppliers within JPMC’s Corporate Third Party Oversight (CTPO) program. SAS also supports JPMC’s Cybersecurity and Technology functions by designing and implementing controls and processes to further enhance the security posture of JPMC’s supply chain. SAS is part of Global Supplier Services (GSS), reporting directly to JPMC’s Global Head of Corporate Third Party Oversight.

Job Summary

As an Associate, within the Supplier Assurance Services (SAS) Process Assurance team, you will perform quality review of Third-Party Assessment as per Process Assurance process and ensuring that applicable SAS operational procedures and standards are followed within Assessment operations. You will evaluate documentation against suppliers’ infrastructure, application, and control environments. This role also involves a high degree of stakeholder engagement and support to SAS Global Assessment Operations.

**Job responsibilities **

Drive and perform end to end quality review of Third-Party Assessment as per Process Assurance process in line with the operational procedures and standards.
Assist the execution of the Assessments and control documentation as per standards, ensuring appropriate documentation and in compliance with program guidelines and standards. Also, challenging information provided to support the control design and operating effectiveness for TPRM Controls and escalate areas of concern and non-compliance to upper management.
Identify trends, common quality issues and partner with supplier control assessment operations to enhance quality of supplier control assessments.
Develop and deliver education/best practices with peers and colleagues, as well as global hubs and actively participate in strategic and tactical initiatives for global operations. Interfacing with regional hubs/operational leads and support for governance policies and program initiatives implementation.
Contribute to and follow-up of internal and external audits or any regulatory initiatives regarding Third Party Oversight where required.
Identify opportunities for automation opportunities and leveraging Artificial Intelligence for process improvement to deliver operational efficiency in the process.
Support administration updates for the firm's supplier assessment system of record and support for various record hygiene related tasks.

Required qualifications, capabilities, and skills

8+ years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network, Security, Cyber Resiliency and Third Party Outsourcing Risk Management within a large enterprise level environment.
Good understanding of relevant aspects of the Third-Party Oversight and Supplier Assurance Programs, lifecycle, execution best practices and supplier risk awareness.
Experience working in Supplier Management, Risk and Controls Management, Technology Audit, or Information Security team(s).
Strong written and verbal presentation skills at the senior management level

**Preferred qualifications, capabilities, and skills **

CISSP, CISA, CISM, CCSP or CRISC certification is a plus