DESCRIPTION:
Duties: Oversee GT and operational metrics, impacting cyber and tech risk management for business lines, entities, and compliance with regulators, safeguarding JPMC's reputation and integrity. Develop a framework ensuring metrics are relevant, comprehensive, and aligned with industry standards and regulatory requirements across control domains, including technology development, resiliency, and data protection. Act as the first line of defense by developing a strategic plan for GT Metrics, aligning with risk management and business objectives, covering controls and risk types for robust global metrics coverage. Enforce partnerships with second and third defense lines to ensure the metrics program meets stringent risk reporting criteria, fortifying compliance and risk management. Lead advisory roles with metric owners, providing guidelines and tactical solutions to define metrics' scope and thresholds. Drive automation of the GT Metrics process, enhancing efficiency, accuracy, and responsiveness in risk management. Lead collaboration with IT, operations, compliance, and audit teams to ensure an integrated approach to risk management, reinforcing the firm's security posture.
QUALIFICATIONS:
Minimum education and experience required: Bachelor's degree in Electrical and Electronic Engineering, Computer Science and Information Security, or related field of study plus seven (7) years of experience in the job offered or as Technology Risk and Controls, Cybersecurity and Technology Controls, Senior consultant, or related occupation. The employer will alternatively accept a Master's degree in Electrical and Electronic Engineering, Computer Science and Information Security, or related field of study plus five (5) years of experience in the job offered or as Technology Risk and Controls, Cybersecurity and Technology Controls, Senior consultant, or related occupation.
Skills Required: This position requires five (5) years of experience with the following: Identifying, assessing, and providing recommendations for mitigating risk in Information technology or information security settings. This position requires one (1) year of experience with the following: End-to-end designing and administrating risk and control metrics across the technology risk metrics lifecycle; Developing and implementing Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), sourcing and integrating data from multiple systems, calibrating metric thresholds based on risk appetite, conducting ongoing performance monitoring, executing breach escalation protocols, and preparing comprehensive reports for technology control forums; Reviewing the effectiveness and utilization of KPIs and KRIs across key technology domains, including Data Protection such as ensuring data confidentiality or compliance, Identity and Access Management such as monitoring secure access controls, Technology Resiliency such as assessing system uptime and recovery capabilities, Vulnerability Management such as tracking identification or remediating security gaps, the SDLC Lifecycle such as evaluating secure development and change management processes, and Security Configuration such as ensuring adherence to security baselines and standards. This position requires any amount of experience with the following: Supporting risk mitigation strategies through risk governance, control evaluation, monitoring, and reporting; Performing IT General Controls testing for Change Management, Logical Access, Management and Security, Incident Management, and Data Backup and Restoration to assess the effectiveness of existing controls; Assessing business processes to develop business impact analyses, risk assessments, and business continuity policies using risk management frameworks.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process. In addition, please visit: https://careers.jpmorgan.com/us/en/about-us.
Job Location: 10 S Dearborn St, Chicago, IL 60603.
Full-Time. Salary: $166,000 - $175,000 per year.