Tech Risk Assurance Director - CYBER RISK PILLAR

Join us in a pivotal role where your expertise in cybersecurity and risk management shapes our global tech resilience.

As a Tech Risk Assurance Director in the Cyber and Tech Controls line of business, you will provide confidence to the firm's leaders by ensuring products and Lines of Businesses achieve their objectives while effectively measuring and managing risk.

Developing and implementing revised or new policies and processes will be a central responsibility, with a focus on anticipating and prioritizing unknown thematic technical risk 'hotspots'.

Collaborating with cross-product and functional teams, you will analyze high-priority risks, evaluate gaps in related standards and controls, and create outputs that propel remediation plans, controls and standards development, and strategy.

Your expertise in risk management, data security, and security governance will be crucial in navigating the dynamic landscape of evolving cyber threats, technology advancements, and global regulations.

Aligned to the key security domains within the Cybersecurity Cyber Risk Pillar, this role will focus on governance and compliance of regulatory and control obligations for the Cybersecurity of the firm including such disciplines as SIEM, DLP, Digital Forensics, Network Telemetry and File Analysis, Cyber Intel, Vulnerability Management, Attack Simulation, Security Configuration, and Endpoint Detection and Response.

You will play an important role in securely enabling the firm through managing the risk profile, and aligning cybersecurity and technology controls requirements and product capabilities.

The Cybersecurity Assurance Cyber Risk Pillar Lead is responsible for coordinating the organization, framework, program, and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology.

This role engages in areas of development, design, and monitoring of corporate and global control programs, and acts as a liaison between management, the Lines of Business, internal and external audit, and regulators.

The key focus of this role will be to lead a team of professional cybersecurity experts in the areas of Security Operations (SIEM, DLP, Digital Forensics, Attack Simulation, Fraud Intel, Threat Intel, and Cybersecurity Incident management and Attack Analysis).

Job responsibilities


* Understand and have experience supporting regulatory engagements aligned to the FFIEC handboo, have in depth knowledge of industry best practice and control guidance provided by NIST, CIS, DISA and others, and collaborate with team members and stakeholders on firm-mandated, cross-LOB, and regional audits where the CDA is engaged


* Investigate, analyze, document, remediate, track, and report technology risks and associated controls, design and develop control requirements based on new and emerging technological solutions in a measurable way, and ensure that existing and new solutions are designed to be continu...