Cybersecurity- Regulatory Control Lead
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Global Cybersecurity Officers protect the firm's people, clients and information assets - ensuring the safety and soundness of the firm's business operations
• Cybersecurity personnel provide subject matter expertise, thought leadership, guidance, best practice and support across all business and technology groups firm-wide as it relates to the security of JMPC, it’s products, processes and technology
• The Cybersecurity team drives value creation by accelerating business and technology opportunities and leads proactive, intelligence-driven operations that quickly meet and stop adversaries and build a foundational fortress for business operations in any environment
• Advanced level Cybersecurity professionals are able to participate in senior level discussions on concepts, principles and issues as well as the application and implication of changes to processes, policies and procedures with perspective as they relate to Cybersecurity
• Additionally, professional is able to lead intelligent analysis and actions that stop adversaries and ensure the firm's safety.
Within Global Cybersecurity, the Governance, Risk & Control team seeks a Cybersecurity Regulatory Lead (VP), to support the Head of Cybersecurity Control by acting as the Lead for regulatory engagements related to the Global Cybersecurity Organization. The ideal candidate will have experience in communicating cybersecurity programs to external parties, a background in IT General Control development and testing, and experience in supporting IT risk programs and projects.
Roles and Responsibilities
The role involves management and oversight of the end-to-end regulatory engagement lifecycle. Regulatory engagements include examinations, assessments, inquiries, in-person meetings, demonstrations, etc. Roles and Responsibilities include [but are not limited to]:
• Provide strategic advice, communications and regular updates to the Global Cybersecurity Organization regarding regulatory engagements
• Prepare substantive written responses to regulatory requests; advocating for the firm by applying cybersecurity controls to regulations in an effective manner
• Ensure that all controls identified to support regulatory engagements are well designed and effective, and/or identify issues and support action plans to strengthen control effectiveness
• Synthesize detailed technical information to provide executive summaries
• Proactively manage relationships with firmwide stakeholders through effective communication, including interactions with EDs and MDs on a regular basis
• Collaborate/liaise with Global Cybersecurity colleagues and business partners, including but not limited to Legal, Compliance, Oversight & Control, Lines of Business (LoBs), and executive management
• Analyze regulatory requirements and determine applicability to Global Cybersecurity Organization
• As a member of the GRC Control Team, contribute to team goals and objectives
• Interface with and support the work of the Cybersecurity GRC Governance and Control teams, and contribute to overall Cybersecurity GRC goals and objectives
• Bachelors’ degree in computer science, information systems or related field; advanced degree preferred
• 8+ years of overall IT experience preferred.
• 7+ years of technology experience, ideally including experience in the Financial Services and Cybersecurity or related fields.
• Certified Information Security Auditor (CISA) or willingness to pursue.
• Outstanding verbal, interpersonal and written communication and presentation skills, including demonstrated ability to interact with both technical and non-technical stakeholders
• Strong organizational and time management skills; ability to manage multiple and conflicting priorities in a global organization, and to adapt in a fast-paced environment
• Knowledge of national and international laws, regulations, policies and ethics as they relate to Cybersecurity and specifically in the financial industry
• Ability to develop and maintain strong partnerships with key stakeholders, and to work across LOBs and regions, balancing the needs of multiple organizations
• Strong PC skills including thorough knowledge of Microsoft Office Suite
• Strong attention to detail
• Effective negotiation and influencing skills.
• Ability to both learn from colleagues and think outside the box.