Sr. Information Security Manager
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands.
About JP Morgan Asset & Wealth Management (AWM)
J.P. Morgan is a global leader in asset and wealth management services. The Asset & Wealth Management line of business serves institutional, ultra-high net worth, high net worth and individual clients through its Asset Management and Wealth Management businesses. With client assets of $2.7 trillion and assets under management of $2.0 trillion, we are one of the largest asset and wealth managers in the world. (Assets as of December 31, 2018). The division offers investment management across all major asset classes including equities, fixed income, alternatives, multi-asset and money market funds. For individual investors, the business also provides retirement products and services, brokerage and banking services including trusts and estates, loans, mortgages and deposits.
The Cybersecurity & Technology Controls (CTC) group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
The Information Security Manager (ISM) work with our AM technology teams to design, implement, and assess controls designed to protect the Firm's information and supporting technology platforms. We aim to balance sound control with efficiency, through smart process and automation. Key deliverables and responsibilities supported by our global TCO team that would be extended to this role include but are not limited to the following;
• Managing risk assessment processes to help our technology teams, control partners, and business stakeholders understand the state of our technology and data control suite, and from there, work together to prioritize and remediate identified gaps
• Spearheading key initiatives across the whole of Asset Management to strengthen key controls
• Overseeing key operational controls to ensure ongoing operating effectiveness
• Providing advisory services in shaping next generation controls, and engaging with Internal Audit, Legal and Compliance, and other groups as necessary to support reviews of our control environment
• Offer support in data governance and data protection including key regulatory programs
• Drive areas of the execution of relevant Risk and Control activities (e.g., assessments, control testing, monitoring, reporting, and targeted remediation activities )
• Support continued maturity toward a culture focused on the pro-active awareness and improvement of the control environment
• Participate in and/or lead some of the AM reporting and represent the AM CTC agenda in various technology and business forums
• 5-7 years experience in technology or technology risk management, preferably for financial institution or strong background in risk advisory
• Ability to work effectively in a global team environment and operate in a matrixed organization
• A strong sense of ownership, commitment to quality and attention to detail to deliver excellence
• Track record of implementing successful risk or technology management solutions
• Track record of developing and maintaining senior-level stakeholder relationships
• Must be a self-starter and self-motivated and be able to prioritize accordingly depending on demands from technology teams, business and regulatory
• Be comfortable talking to development and business teams and offering risk opinions