Apply Now    

Corporate - Global Cybersecurity Technology - Audit Manager - Vice President

Req #: 170096367
Location: New York, NY, US
Job Category: Accounting/Finance/Audit/Risk
Potential Referral Amount: 5000 US Dollar (USD)

 

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.

 

The Enterprise Technology group provides global audit coverage for multiple technology organizations within JPMorganChase including Global Technology Infrastructure (GTI), Corporate Technology (CT) and Global Cybersecurity. These businesses deliver a wide range of technology services for the firm globally and partners with all lines of businesses. In addition, they ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally.

 

The Cybersecurity Audit Team is looking for an experienced cybersecurity professional with extensive experience of cybersecurity operations who would like to work in a challenging, hands-on, fast paced environment utilizing their existing core cyber skills while building audit and risk management capabilities. This position is ideal for a seasoned cyber professional who would like to broaden their skills and bridge the gap between deep technical knowledge and senior management engagement, strategy and risk management. The position will partner with team members and auditors in other business areas to develop risk and control assessments through audit activities for leading cyber services and information security technologies. The position is a New York based role reporting to the Cybersecurity Audit Team Lead.

 

Responsibilities:

  • Participate in all aspects of audit activities including risk assessments, planning, testing, evaluation, report creation, documentation, and determining effectiveness of risk mitigation plans across the Global Cybersecurity business
  • Establish strong relationships with senior Global Cybersecurity leadership, related controls groups and business auditors
  • Provide audit coverage of the key controls supporting cybersecurity with specific focus on cybersecurity operations processes
  • Assist in the development and analysis of key metrics to identify trends in cybersecurity
  • Partner with colleagues, stakeholders and control community members to evaluate, test and report on the adequacy and effectiveness of controls in relation to associated cybersecurity risks. This may be achieved through specific audit reviews or direct participation in key cybersecurity projects
  • Share knowledge, techniques and toolsets with colleagues within the team to build proficiency in the Cybersecurity Audit Team
  • Up to approximately 15% travel required
  • 10 or more years of total work experience, with at least 8 years in IT Security, Cybersecurity or Audit and significant hands-on experience within a cybersecurity operations environment
  • Excellent understanding of defense-in-depth principles and network security architecture plus knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities
  • Experienced with Technology, IT Risk/Security or Security Audit, IT Forensics, & ITIL (Incident, Problem, Change Management) methodology
  • Experience with general attack stages (e.g. footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
  • Knowledge of information technology (IT) security principles and methods
  • Ability to apply a knowledge of attacker capabilities, intentions, motives, and historical operations/targets
  • Solid and demonstrable comprehension of data protection strategies, network and system vulnerabilities, Security Information and Event Management (SIEM), malware, emerging threats, attacks, and vulnerability management
  • Understanding of system and application security threats and vulnerabilities (e.g. buffer overflow, mobile code, cross-site scripting, SQL injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code) and understanding of source code, hex, binary, regular expressions, etc.
  • Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs) and use of IDS, IPS, and/or other signature matching technology
  • Intermediate knowledge of Linux and Windows operating systems

Preferred Qualifications:

  • Computer Science or related technical degree from an accredited institution
  • Minimum of one relevant professional certification- (CISA, CISSP, CISM, MCSD, GIAC, CCSP or CEH preferred)
  • Working knowledge of global threats to international cyber security, and conversant in the tools, tactics, and procedures used by cyber adversaries
  • A sound understanding of TCP/IP and networking concepts and experience performing in-depth packet analysis
  • One scripting/programming language (e.g. Python, Perl)

People/Communication skills:

  • Enthusiastic, self-motivated, willing to be challenged and take personal responsibility.
  • Ability to communicate effectively with Senior Management
  • Ability to present complex solutions and methods to a general community, effective verbal and written communication skills
  • Ability to build strong partnerships across the technology and business teams and able to multitask and execute audit activities with minimal supervision
  • Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks and demonstrated ability to be reliable and flexible
  • Experience in a fast paced, high stress, support environment and able to follow detailed process and procedure documentation
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Things to note

Sign in to our application system to continue your job search or update your profile.

Current employees sign in here. Contractors sign in here.

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please click here.

Important links

Click here to view the "EEO is the Law" poster.

Click here to view the "EEO is the Law" supplemental poster.

Click here to view our U.S. Pay Transparency Policy.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.