Information Security Management

**JOB DESCRIPTION**
Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm.

As an Information Security Management - Technology Regulatory Assessor, Associate at JPMorgan Chase within the Cybersecurity & Technology Controls (CTC), Regulatory Assessment Delivery Service (RADS) team, you will drive regulatory assessments in APAC, EMEA, LATAM and facilitate coordination through partnerships with Lines of Business (LOBs) technology teams and Information Security Managers. In this hands-on role, responsibilities include understanding the firm’s regulatory requirements and commitments, testing of controls in line with regulatory requirements, understanding the firm’s risk agenda and ultimately improve the firm regulatory, risk and controls posture.

**Job responsibilities**
- Executes a Book of Work of regulatory assessments in APAC, EMEA, LATAM regions
- Reviews regulatory assessment needs across Lines of Business periodically
- Drives execution of assessments and provide helpful, informative, and timely reporting to key stakeholder
- Provides quality assurance (QA) over assessments to ensure they meet expected requirements
- Facilitates ad-hoc Internal Audit reviews
- Develops and drives continual improvements of assessment practices
- Seeks improvement opportunities such as re-use of tests results across assessments, automation.
- Collaborates with line of business technologists and Information Security Managers
- Develops and maintains strong business and technology relationships, becoming a trusted partner to these groups
- Ensures that technology control issues and gaps are documented clearly and that realistic remediation plans are developed to address them, as well as investigating and resolving control incidents
- Advises LOBs based on testing results to improve compliance posture

**Required qualifications, capabilities, and skills**
- Bachelor’s degree
- Minimum 5 years of work experience in technology risk and control domains in banking environment
- Hands-on experience executing technology controls assessments
- Experience in managing RFIs for assessments across regulatory needs
- Knowledge of APAC technology regulatory requirements and trend
- Strong interpersonal skills with ability to lead discussions and meetings with management
- Good track record of collaboration
- Good understanding in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
- Hands-on knowledge on data analytics tool like Tableau, Qlik, etc., for performing required data analysis and creating dashboards as needed
- Proficient in Microsoft Office - Word, Excel, and Power Point

**Preferred qualifications, capabilities, and skills**
- Experience working with the FSSCC Financial Services Sector Cybersecurity Profile (FSP)
- CISSP, CISA/CISM, CRISC and any other Information Security Certifications in conjunction with relevant experience

**ABOUT US**

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

**ABOUT THE TEAM**

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enab