Information Security Mgmt
Req #: 190021793
Location: Tampa, FL, US
Job Category: Technology
The Cybersecurity & Technology Controls (CTC) organization has aligned our cybersecurity, access management, and controls and resiliency teams to accelerate the adoption of the Global Technology (GT) Vision and as a function become a strategic enabler for the businesses we support. CTC will proactively help the firm and put into place the capabilities and solutions necessary to become a leading technology company from a technology controls, resiliency and information security standpoint.
As an Associate, your primary responsibility will be to conduct various Application Risk Assessment (ARA) and Infrastructure Control Assessment (ICA) tests, properly record those test results in our systems of record, and communicate the test results to the appropriate stakeholders. You will play an important role in engaging respective Assessment Leads / Information Security Managers / Asset Owners across business areas while assessing risk. Your support of the Application Risk and Infrastructure Control Assessment programs will require you to work with application and infrastructure teams to assess controls and evaluate proposed remediation plans for adherence to the controls. You will make recommendations, based on your experience, on how we can automate the way we perform assessments across the firm as we move towards Continuous Controls Monitoring (CCM) and as we apply other compliance automation tools. You may work on other regulatory and process risk assessment programs as well. Your assessment duties extend to all lines of business in the firm and will include continuously enhancing your knowledge of specific controls across a range of technologies, applications, processes, and infrastructure.
PRIMARY DUTIES AND RESPONSIBILITIES:
Assist with the ongoing firmwide technology risk controls assessment programs, test and evaluate the evidence of the controls and identify any significant control deficiencies, work with the appropriate Assessment Leads / Information Security Managers to identify and assess proposed remediation steps to adhere to those controls, and address other assessment findings where necessary.
Assist with other compliance and risk assessment programs for Global Technology, including participating in workshops to improve our ability to identify inherent risk and to adjust the descriptions of and approaches to properly obtain evidence of control effectiveness.
Test the evidence of the technical controls and document the tests in our assessment results systems of record.
Conduct Application Risk Assessments (ARA) to gather risk specific information about technology applications.
Conduct initial interviews related to how controls are applied and assist with the identification and testing of controls. Perform testing of the evidence submitted to validate it proves control effectiveness.
Conduct Infrastructure Control Assessments (ICA) to gather specific information across various infrastructure components (networks, storage, voice, etc.).
Work with technology teams to gather control design requirements and facilitate discussions to bring to closure identified control issues.
Advise Lines of Business (LOBs) of assessment results based on the testing performed and how those results align to the control standards for the firm.
Evaluate findings and communicate issues and best practices with the rest of the team and management.
Interface with the Quality Assurance team to improve assessment testing processes. Work actively with the Assessment Leads and Information Security Managers to improve technical assessment guidance.
Participate in additional key control projects related to the overall enhancement of the assessment function.
Exhibit a continuous learning mindset for security education & awareness.
Bachelor's degree, preferably in Cybersecurity (information assurance), Computer Science or Information Technology, or equivalent experience.
Two years internal or external technology audit or risk assessment experience.
Have experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients.
Ability to effectively develop and communicate recommendations based on various technical compliance and control assessment results.
Experience in software application assessment and controls testing.
Detail oriented with ability to examine and evaluate processes, controls and issues to determine risk areas.
Ability to eloquently describe and defend the process followed in performing assessments and evaluating results to stakeholders and management.
Can work independently and can collaborate comfortably in a matrix organization within a broader team.
Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal management and other groups involved in technology control assessments.
Proficient in MS Office.
Familiar with the principles of agile methodologies like Kanban and Scrum.
Basic project management skills.
Exposure to risk frameworks like NIST, COBIT, or ISO nice to have.
Technical acumen in a wide variety of distributed systems and technologies such as network infrastructure, cloud, mainframe, software development, and databases.
CRISC, IT Risk Assessment / Audit, CISSP, CISA or CISM or other industry-recognized risk and information assurance certifications preferred.
Financial services industry, or previous history of successfully navigating a highly regulated and matrixed environment a plus.
JPMorgan Chase & Co.