The Information Owner position is part of the Digital Product Management group, reporting to the Digital Information Owner Lead.
The Information Owner position plays a key role in ensuring that key Digital technology assets are in compliance with IT Risk Management policies. The IT Risk Management Program is the focal point for managing risks associated with JPMorgan Chase's Information Technology assets and for protecting the firm's information assets.
The Information Owner is accountable for managing control of the production, maintenance, use of and access to the Digital technology assets assigned to the Information Owner.
More specifically, this position will be responsible for working with Information Risk Management (IRM), Business Technology Control (BTC), Identify & Access Management (IAM), Audit, and other support groups across the Firm to ensure IT Risk policies are adhered to, processes are defined and monitored, and information is protected throughout the data life cycle.
Success in this position can lead to increasing responsibility within the Information Owner team and potentially in other areas of the firm.
Numerous technology assets are used across the Digital business unit in order to support the needs of our customers.
Reporting to the Digital Information Owner Lead, the Information Owner role supports the organization’s efforts to by ensuring that the technology assets used are compliant with IT Risk Policies.
- Proficient understanding of business processes
- Proficient project and program management skills
- Proficient understanding of IT Risk policies and required controls
- Proficient knowledge of technology assets (applications/tools) as it relates to standard risk controls
- Proficient ability to identify control gaps and deficiencies and recommend remediation efforts
- Proficient organizational skills
- Proficient relationship-building and communication skills
- Ability to work independently and manage workload with limited direct supervision
- Analytic and problem solving skills
- Ability to interpret and apply policy standards, identify control gaps and deficiencies, and recommend remediation efforts
- Ability to influence and negotiate, demonstrates leadership and proficiency in communications (written and verbal)
- Ability to drive and influence policy, establish best practices, and define standards
Principal Duties and Responsibilities
- Participates in the comprehensive assessment of the control environment to ensure compliance and effectiveness of controls including:
- Change Management
- Information Classification
- Self Assessment of Risk Controls
- Logical Access Administration
- Security Incident Management
- Resiliency Risk Management
- Disaster Recovery Management
- Third Party Oversight
- Participates in risk reviews and audits by providing required artifacts and completing activities to remediate control gaps.
- Establishes schedules for completion of application specific control activities and tracks to ensure timely completion of required remediation efforts.
- Performs certification or recertification of control documents as required.
- Identifies, develops, and distributes manual control reports and maintains evidence in a central repository.
- Reviews and approves Service Level Agreements for business specific applications.
- Performs review and approval responsibilities within the SDLC process.
- Communicates status to manager and stakeholders through summary reports, minutes, issue / defect, and risk tracking.
- Establishes or participates in establishing team's goals, objectives, and capacity activities.
- Creates, maintains, and supports internal partnerships with key groups including: with technology, risk, audit, control, business, third party relationships and support, and operation oversight departments.
- Contributes to the development of policies and procedures for assessment, development, management, and control of technology assets.
- Recommends and implements enhancements to improve effectiveness and efficiency of control procedure standards.
- Participates and contributes to application specific projects, programs, and forums and business meeting relating to access controls or impacting policy controls.
- Resolves escalated issues or risk, or escalates further as appropriate
Knowledge and Experience
- Bachelor Degree in Business Management, Information Technology preferred or equivalent work experience
- Minimum 1-3 years process Analysis / Process Improvement experience
- Minimum 1-3 years Digital industry product management, project management, compliance or risk management experience
- Technology processes and application development experience helpful
- Chase Pay experience helpful
- Able to collaborate with multiple functions and gain consensus
- Organizational and multi-tasking skills with demonstrated ability to manage expectations and deliver results
- Must be able to work independently with little supervision
- Teamwork and effective communication skills (written and verbal) required
- MS Office suite skills (Excel, Word, PowerPoint, Project, SharePoint) experience required
- Position may or may not interact with third party vendors