Information Security Management Associate

  • Bournemouth
  • July 13, 2022
  • Salary: Full-time, Permanent

The Chief Technology Office (CTO) oversees enabling technology capabilities inclusive of engineering and architecture tools and practices as well as the firm’s technology workforce strategy. Our mission is to integrate new and emerging technology into the fabric of the firm. Our teams lead the design and development of a range of new and emerging technology capabilities including Blockchain, AI/ML, Core Development, Architecture, Engineering and Data Management. In addition, our research and engineering teams collaborate to take ideas from early-stage research to real-world deployments. CTO teams also inspire and engage the firmwide technology workforce to anticipate and adopt new technologies and process methodologies, and to establish architectural constructs.

As an Information Security Officer (ISM) within CTO, you will focus on improving the end-to-end risk posture for the assigned product group, and ensure appropriate controls are implemented across the technology landscape to operate within risk appetite. This includes a threat-driven approach to enable secure-from-the-start adoption of emerging technology and application development. The ISM will be expected to drive effective risk & controls management and support the technology teams through proactive identification of control weaknesses and recommendations for improved security; articulation of the business impact and associated risk; and education on proactive measures to remediate.

Responsibilities:

  • Partner and collaborate with the technology teams to deliver customer value and improve security posture of the firm.
  • Ensure technology risk is effectively identified, quantified, communicated and managed, including recommendations for resolution and identifying the root cause/key themes.
  • Conduct threat modelling, solutions architecture, secure code review with product and application teams so they are secure from the start and compliant with risk policies and regulatory obligations.
  • Proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps.
  • Serve as a point of escalation and subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection and application security.
  • Collaborate with team members and stakeholders on firm-mandated, cross-LOB, and regional audits
  • Partner with Third Party Oversight teams to ensure effective technology risk management of vendors engaged by technology partners, with a focus on emerging technologies.
  • Interface with Technology Leadership, Product Owners, and Application Development teams on an on-going basis for business as usual risk activities, reporting and project initiatives.
  • Maintain an understanding of Technology teams' strategies, product roadmaps and key investment programs.


Preferred Experience:

  • Written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.
  • Experience working within fast paced, complex and high performing Digital/Agile/Scaled Agile teams
  • Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement.
  • Experience in Security and/or Risk Management and/or Corporate Technology with an aptitude in application and platform security
  • Applicable working experience in multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
  • Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
  • Preferable experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles.

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.

When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.
