Information Security Mgmt - Risk Assessor

JPMorgan Chase & Co. Tampa, FL 33602

Posted 1 week ago


Req #: 190021793

Location: Tampa, FL, US

Job Category: Technology

Job Description:

The Cybersecurity & Technology Controls (CTC) organization has aligned our cybersecurity, access management, and controls and resiliency teams to accelerate the adoption of the Global Technology (GT) Vision and, as a function, become a strategic enabler for the businesses we support. CTC will proactively help the firm put into place the capabilities and solutions necessary to become a leading technology company from a technology controls, resiliency and information security standpoint.


As an Associate, your primary responsibility will be to conduct various Application Risk Assessment (ARA) and Infrastructure Control Assessment (ICA) tests, properly record those test results in our systems of record, and communicate the test results to the appropriate stakeholders. You will play an important role in engaging the respective Assessment Leads / Information Security Managers / Asset Owners across business areas while assessing risk. Your support of the Application Risk and Infrastructure Control Assessment programs will require you to work with application and infrastructure teams to assess controls and evaluate proposed remediation plans for adherence to the controls. You will make recommendations, based on your experience, on how we can automate the way we perform assessments across the firm as we move towards Continuous Controls Monitoring (CCM) and as we apply other compliance automation tools. You may work on other regulatory and process risk assessment programs as well. Your assessment duties extend to all lines of business in the firm and will include continuously enhancing your knowledge of specific controls across a range of technologies, applications, processes, and infrastructure.


  • Assist with the ongoing firmwide technology risk controls assessment programs, test and evaluate the evidence of the controls and identify any significant control deficiencies, work with the appropriate Assessment Leads / Information Security Managers to identify and assess proposed remediation steps to adhere to those controls, and address other assessment findings where necessary.

  • Assist with other compliance and risk assessment programs for Global Technology, including participating in workshops to improve our ability to identify inherent risk and to adjust the descriptions of and approaches to properly obtain evidence of control effectiveness.

  • Test the evidence of the technical controls and document the tests in our assessment results systems of record.

  • Conduct Application Risk Assessments (ARA) to gather risk specific information about technology applications.

  • Conduct initial interviews related to how controls are applied and assist with the identification and testing of controls. Perform testing of the evidence submitted to validate it proves control effectiveness.

  • Conduct Infrastructure Control Assessments (ICA) to gather specific information across various infrastructure components (networks, storage, voice, etc.).

  • Work with technology teams to gather control design requirements and facilitate discussions to bring to closure identified control issues.

  • Advise Lines of Business (LOBs) of assessment results based on the testing performed and how those results align to the control standards for the firm.

  • Evaluate findings and communicate issues and best practices with the rest of the team and management.

  • Interface with the Quality Assurance team to improve assessment testing processes. Work actively with the Assessment Leads and Information Security Managers to improve technical assessment guidance.

  • Participate in additional key control projects related to the overall enhancement of the assessment function.

  • Exhibit a continuous learning mindset for security education & awareness.


  • Bachelor's degree, preferably in Cybersecurity (information assurance), Computer Science or Information Technology, or equivalent experience.

  • Two years internal or external technology audit or risk assessment experience.

  • Have experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients.

  • Ability to effectively develop and communicate recommendations based on various technical compliance and control assessment results.

  • Experience in software application assessment and controls testing.

  • Detail oriented with ability to examine and evaluate processes, controls and issues to determine risk areas.

  • Ability to eloquently describe and defend the process followed in performing assessments and evaluating results to stakeholders and management.

  • Can work independently and can collaborate comfortably in a matrix organization within a broader team.

  • Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal management and other groups involved in technology control assessments.

  • Proficient in MS Office: Microsoft Word, Excel, and PowerPoint. Quickly adapt to new tools and software applications.

  • Familiar with the principles of agile methodologies like Kanban and Scrum.

  • Basic project management skills.

  • Exposure to risk frameworks like NIST, COBIT, or ISO nice to have.

  • Technical acumen in a wide variety of distributed systems and technologies such as network infrastructure, cloud, mainframe, software development, and databases.

  • CRISC, IT Risk Assessment / Audit, CISSP, CISA or CISM or other industry-recognized risk and information assurance certifications preferred.

  • Financial services industry, or previous history of successfully navigating a highly regulated and matrixed environment a plus.
