Receive alerts when this company posts new jobs.
at JPMorgan Chase
Job Reference #: 170093751
Req #: 170093751
Location: Wilmington, DE, US
Job Category: Technology
Potential Referral Amount: 5000 US Dollar (USD)
About Technology Controls (TC)
Payments Technology Controls (TCO) is responsible for maintaining a portfolio view of risk and control and leading strategic risk reduction within JPMorgan Chase's Card Services and Merchant Services Technology lines of business.
The Payments Technology Control Lead will advise aligned LoB CTOs and maintain a comprehensive understanding of the overall Banking Technology risk and control environment. TCO instills appropriate governance to manage and proactively identify technology issues and changes in the risk profile of the underlying systems.
The Technology Control Lead influences effective risk & controls management and provides governance and oversight for businesses through risk consultancy, identification of control weaknesses and recommendations for improvement opportunities, providing training and reporting of risk issues.
Duties and Responsibilities include:
- Understand technology from a strategic perspective as it relates to managing risk in the organization
- Drive a risk mitigating culture to proactively identify, assess, and manage inherent risks within our platforms and services
- Drive effective risk mitigating controls designed, deployed, and monitored by the application owners, developers, and support teams
- Collaborate with Audit, Information Risk Management, TPRM, business oversight and control functions, and the Banking Technology teams to drive transparent, measurable, and sustainable control improvements; Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
- Ensure that technology control issues and gaps are documented clearly and that realistic remediation plans are developed to address them, as well as investigating and resolving control incidents
- Proactively work with technology and product managers to identify potential issues and ensure effective remediation
- Engage with application development (AD) teams on an on-going basis for BAU risk activities as well as project initiatives.
- Provide leadership and advise on material remediation activities ensuring appropriate resolution of issues
- Monitor existing technology issues and actions and support the closure verification process
- Promote the corporate self-assessment programs (RCSA and ACA) ensuring technology owners are assessing the technology risk in their environments identifying breaks in their control effectiveness
- Complete quality assurance reviews of various control assessment programs
- Provide quality assurance (QA) over the self-assessments to ensure they meet corporate compliance
- Communicate risk and other control findings and develop recommendations for resolution
- Provide technical risk project consultancy for technology teams rolling out new products in the firm so that they are secure from the start and fully compliant with the firms risk policies and standards
- Enforce compliance with Firm-wide risk reduction programs
- Develop reporting with key, focused messages to enable constituency to understand their risk position
- Identify opportunities for process improvements to deliver increasing efficiency within the Risk & Control framework.
- Escalate issues to senior management as warranted
- Manage any other assigned duties as required
Educational Qualifications and Work Experience
- Bachelors degree or equivalent experience
- 7+ years of work experience in Information Risk & Security domains, IT audit or equivalent
- 5+ years hands-on experience in application development, technology operations, infrastructure support and/or risk based projects.
- Experience working in multinational enterprise with matrix organization
Risk and Control Experience
- Strong understanding of control frameworks and industry standards including COBIT, ISO 27001, COBIT, NIST and ITIL
- Strong understanding of IT General Computer Controls (GCCs) and Application controls
- Experience with Internal Audits, SSAE16, SOX, and regulatory assessments
- Payment Card Industry - PCI Qualified Security Assessor Certification
- CISSP, CRISC or CISM/CISA qualifications preferred
- Working knowledge within the following risk domains/technologies:
- SDLC / Agile
- Public Cloud Infrastructure
- Database and application security
- Access Administration
- Security Event Logging & Monitoring
- Vulnerability Management
- Disaster Recovery
- Unix/Linux /Wintel
- Understanding of network concepts
Other Skills / Requirements
- Strong analytical background and technical skills with the ability to assess and communicate the operational, technical, and financial impact of risk findings and control issues.
- Ability to collaborate effectively with both business-oriented executives and technology-oriented personnel; interact with all levels of staff and ability to build appropriate relationships to effect strategy
- Ability to negotiate compromise between diverse parties with competing equities
- Ability to work independently in unstructured situations as well as in a team environment
- The ability to communicate effectively with very senior levels of management as well as technologists and business personnel is critical, including the usage of business relevant terms to describe technology risks
- Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language
- Experience writing professional documents both for internal and external purposes as well as being comfortable with presenting to senior leadership and often delivering a tough message.
- Ability to manage multiple efforts simultaneously that involve key stakeholders across a large matrixed environment. Ability to develop and lead initiatives in a cross line of business technology organization, build rapport and garner respect in a collaborative cross-cultural environment
- Ability to travel when required #DI
Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!