Join a dynamic team and be at the forefront of a growing business, working with cutting-edge technologies to shape future strategy and drive transformative outcomes.
As a Technology Operational Risk Manager – Vice President within the CCOR Technology & Cybersecurity (“CCOR Tech & Cyber”) group, you will provide independent oversight of technology and cybersecurity operational risk management practices for Chase International, with a strong focus on cloud technology and technical risk assessments. You will be responsible for reviewing and assessing the governance of risks, processes and controls, supporting the identification of risks inherent in Chase's technology environment.
In this role, you will engage with technology teams to gain a deep understanding of the technology and control environment, including cloud architectures and security controls, to provide credible challenge on the understanding and management of risk.
Drawing on your expertise you will participate in technical risk assessments and review threat models for critical systems to ensure comprehensive identification and mitigation of risk. You will evaluate the effectiveness of risk management frameworks, policies, and procedures, ensuring they incorporate key risks, align with industry best practices and meet the firms regulatory obligations. Partnering with the business and working with relevant stakeholders you will provide advisory and drive change in the firms policy and frameworks to adapt and enhance our approaches. Additionally, your experience will be leveraged in technology governance forums, where you will provide subject matter expertise as it relates to the oversight of cyber and technology risk management within the Chase International.
Job responsibilities
Perform oversight of operational risks through targeted assessments of technology / cyber security aligned processes for Chase International.
Engage with technology teams to gain full understanding of the technology and control environment that supporting the business, including hands-on engagement with cloud infrastructure, security controls, and threat modelling practices.
Oversee and participate in technical risk assessments, including the development and evaluation of threat models for critical systems and cloud-based solutions, assuring comprehensive identification and mitigation of potential vulnerabilities.
Participate in the assessment of emerging risk based on regulatory and market developments, New Business Initiatives, or external operational risk events.
Stay abreast of technology trends, threats, and emerging technologies including advancements in cloud services and controls. Integrating your insights into risk considerations for continuous oversight of the business.
Understand third party risks as related to specific technology area of expertise
Collaborate with CCOR partners to identify potentially elevated concentrations of risk globally and asses corresponding inherent risks and mitigating controls.
Provide advisory to the business recommending adjustments required to meet JPMC policy, regulatory requirements, and industry best practices.
Participate in technology governance forums, providing subject matter expertise
Review significant events where technology is a factor , specifically evaluating incidents involving technology resilience, Cyber threat, and technical control failures.
Required qualifications, capabilities, and skills
Relevant experience in cybersecurity or engineering roles in Retail Banking.
Deep and broad understanding of cybersecurity and technology associated risks.
Deep knowledge of cloud computing, including hands-on experience with Google Cloud Platform and Amazon Web Services specifically.
Subject matter expert in areas such as networking, identity management, access management, artificial intelligence, software development and cybersecurity.
Excellent communication skills, experience preparing formal written documentation. Attention to detail, clear and concise writing, can translate complex technical information into understandable language for regulators.
Preferred qualifications, capabilities, and skills
BS/BA degree in computer science, Cyber Security or equivalent experience.
Professional cloud certifications such as AWS Certified Security Specialty and Google Professional Cloud Security Engineer. (e.g. AWS, GCP)
Knowledge of cloud infrastructure and hybrid implementations, experience with cloud security posture management and data security posture management tools.
Ability to assess controls, identify vulnerabilities and potential mitigations.
Software development experience and understanding of risks associated with the software supply chain.
Professional Certifications in Cyber and Information Security Risk (eg. ISACA, ISC2, SANs, OffSec, CEH)