Risk Assurance Lead Operator

As a Technology Risk Assurance Lead at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, you'll analyze, prioritize, communicate, and track information security findings generated by internal cyber security assessment teams. 
 
A successful candidate is driven to learn and demonstrates the ability absorb new knowledge and communicate risk impact, in an approachable and audience-appropriate way. They play a key role in the continuous improvement of JPMC’s findings management program. A strong collaborator, they operate across Risk Assurance teams, Cybersecurity Operations teams, and the wider business, to streamline processes, improve integration with JPMC’s Governance, Risk and Compliance (GRC) function, and identify trends and risk themes through the analysis of findings data. 

Previous experience in roles such as security assurance, vulnerability management, assessments and penetration testing, security architecture or risk management will be helpful.  

This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment. 

Job responsibilities: 

• Formal training or certification in Information Security, and/or 5 years of project management experience with demonstrated experience working on information security projects. 
• Experience with cybersecurity operations, common risk management processes, security architecture practices, security engineering, or vulnerability management. 
• Demonstrable knowledge across 2 or more of the following domains; network security architecture, application security, DEVOPS, governance, risk and compliance, penetration testing / red teaming, cloud security architecture.
• Demonstrable ability to generate technical security reports that are adjusted for audience. 
• Ability to collaborate and communicate with a diverse range of stakeholders, of varying seniority, to effectively articulate risk and drive change. 
• Experience in Agile project management and with Agile tools/technology (i.e., Atlassian Jira, Atlassian Confluence). 
• Understanding of offensive and defensive security tools/technologies, such as penetration testing and red team testing platforms, firewalls, IDS/IPS, Web Proxies, and DLP. 

Preferred qualifications:  

• CISSP, 
• CISM,
• CISA. 
• Offensive Security (OSCP, OSEP, OSDA), 
• SANS (GIAC, GPEN, GXPN, GWAPT)