JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Global Technology Infrastructure (GTI) serves as the central provider of technology infrastructure to JPMorgan Chase. Integrated Compute Services (ICS) is accountable for the core distributed hosting infrastructure (managed services, Compute, SAN, NAS, Backup, etc) within the bank, across plan, build and operate functions. The organization is transforming into a Managed Services provider for JPMC and drives product management, engineering standards and productivity initiatives in support of the Managed Services. Within GTI, ICS work in partnership with our Global Service Operations (GSO) who provide L1, L2 & L3 operational support of the ICS technologies.
In the role of ICS Storage Risk & Controls Team Lead, you will be responsible for working with Storage Services technology and business stakeholders to understand and manage the risk posture relative to the firm wide IT Control Policies and Standards and where applicable regulatory requirements.
You will provide support for audit and regulatory events and awareness and guidance of IT Control Polices and Standards, working with Storage Services technology and business stakeholders to develop solutions that address significant gaps.
Furthermore you will ensure timely execution of risk and controls assessments for ICS Storage Services applications & systems commensurate with their risk profile. Where gaps are identified remediation plans must be developed and managed to closure or risk acceptances sought where appropriate.
This position provides Information Risk and Controls support and leadership to the Storage Services technology and business stakeholders.
Responsibilities will include but not be limited to:
- Develop an understanding of ICS Storage Services Products and Technologies
- Executes against GTI Information Risk and Controls strategy ensuring that ICS Storage Services business and technology groups operate within a known and acceptable level of risk
- Establishes working relationships with key technology and business stakeholders, collaborating with all internal risk and control functions, internal and external Audit, and Regulatory bodies to effectively manage the overall ICS Storage Services risk posture
- Identifies potential information security risks/threats and escalates to senior management where appropriate
- Develops and maintains an understanding of the regulatory environment pertaining to ICS Storage Services
- Ensures that application risk assessments are performed in line with policy requirements (ARC, ACA, ITA), facilitates reviews, identifies and documents any resulting breaks requiring remediation
- Oversees ICS Storage Services Technology RCSA posture, supporting end to end review process and ensuring that significant technology risks are documented in the appropriate system of record
- Contributes to continuous improvement through risk identification and mitigation
- Supports LOB and Firmwide risk and control initiatives as required
- Promotes and ensures compliance with the firms IT Risk Management Policies and Standards
- Provides awareness and training ensuring that ICS Storage Services Business and Technology stakeholders fully understand their roles and responsibilities
- Provides support to major Technology projects and programs
- Supports audit and regulatory events as appropriate
- Provides subject matter expertise in all areas of information risk and controls
- Works with businesses and technology stakeholders to develop solutions to address control gaps
- Supports the vendor risk management agenda (TPO) for ICS Storage Services
Minimum of 7 years Extensive experience in an Information Risk and Controls or Audit role within global Financial Services or other multi-national corporation, with exposure to multiple storage technologies, in a fast moving, mission-critical, large scale, global, operational environment.
- Technology or Business related degree and/or equivalent work experience
- CISSP or CISA certification preferred
Extensive understanding of information risk and control management principles and frameworks
- Strong communication and presentation skills with ability to deliver key messages clearly and concisely
Team leadership or management, ideally in a global environment with people reporting to you from remote locations / time zones
Excellent analytical and problem-solving skills – ability to get to the root of the problem, assess impact, and develop a resolution plan quickly, leveraging all available resources, is essential. Ability to identify tactical quick wins, as well as strategic long term remediation options are both essential skills
- Strong multitasking skills with the ability to self manage with proven track record in managing multiple deliverables
Understanding of financial management aspects, such as investment processes, business case development, understanding total costs, and managing them to a budget
Enthusiastic style, able to work with disparate groups with often competing motivations
Capable of acting as business liaison, translating business needs to technical requirements and providing point of contact to business and senior management during high impact incidents
Ability to tune a technical conversation according to the technical capability of the audience
- Provides management with strategic and tactical recommendations
- Able to evaluate and present solutions and recommendations objectively
- Strong data analysis, management, and reporting skills