JPMorgan Chase CCOR Technology & Cybersecurity Cloud Risk Management Executive Director in Plano, Texas
CCOR Technology & Cybersecurity ("CCOR Tech & Cyber") is a group within the Compliance, Conduct and Operational Risk (CCOR) organization and has areas of alignment across all Lines of business (LOBs), Regions and Corporate Functions (CFs), responsible for the independent oversight of first line operational risk management practices and compliance with technology and cybersecurity laws, rules, and regulations. Additionally, CCOR Tech & Cyber provides Firmwide end-to-end independent second line coverage of Technology and Cybersecurity Compliance, Resiliency and Crisis Management, Insider Threat, and Global Supplier Services.
Global Technology Infrastructure (GTI) organization which delivers foundational infrastructure and Cloud services for critical application workloads across multiple lines of business. The GTI Technology Operational Risk team monitors and tests for risks and control deficiencies within multiple GTI and Cloud products, services, and processes.
We're seeking a Compliance, Conduct and Operational Risk (CCOR) Executive Director who will effectively partner with Line of Business (LOB) and global/regional teams; including Operational Risk, Compliance, Internal Audit, and other Control functions. In this role, you may provide Operational Risk Management coverage for several areas, in addition to serving as the team's subject matter expert for specific regulations in executing the following Core Practices: Governance and Oversight, Regulatory Management, Policies and Procedures, Training and Awareness, Monitoring and Testing, Issue Management, Risk Assessment and Reporting.
This role reports directly into the GTI Technology Operational Risk Officer and is responsible for analysis and identification of operational risks associated with GTI and Cloud infrastructure. This role requires an experienced technology/cybersecurity risk and compliance professional with technology audit experience to identify risks and control deficiencies at the Cloud platform level with a business process lens. In addition to developing and executing an oversight plan, the ideal candidate will also represent second line of defense in regulatory, first line leadership, and risk issue forums. Successful candidate in this role should develop independent point of view of risk appetite and status, but also enable risk management culture and accountability with first line stakeholders using credible and practical first line experience.
Key responsibilities include :
Risk assessment of the impact of changing infrastructure on the JPMC technology portfolio. As new technology is introduced and old technology is phased out, the risk position of the firm will have a changing residual risk position.
Coordination and key participation in the development of the evolving risk position of new technology and third-party software. For each of the technology areas in focus, this individual will be charged with escalating and tracking the individual risk items.
Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet JPMC policy, regulatory requirements, and industry best practices.
Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis. Investigate Operational Risk events meeting selection criteria; assist LOB OROs in determining the appropriate consideration of technology risk management and risk events.
Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
Working with colleagues in ORM, as well as technology, business and other control functions, the Operational Risk Lead is expected to contribute to the Oversight of Technology and IT Risks, Key Technology Operational Risks , Assessments and related indicators and thresholds, Challenge of technology Risk Self Assessments, Issue management, oversight and escalation.
Knowledge with technology application and infrastructure components such as Servers, Storage, Networking, Application Development, Cloud technologies and Database Management systems.
Manage identified risks using firm's Operational Risk Management Framework.
Challenge first line control managers and risk assessors.
Conduct line of business-oriented risk assessment based on application.
Participate in key governance and control forums.
BA or BS College Degree in Business, Sciences or Engineering.
20+ years of experience in Technology Risk, Technology Audit, Application Security, Software/Infrastructure Engineering, or related fields.
Experienced in regulatory technology related examinations.
Proven ability to perform test of controls (design and operating effectiveness) e.g. Change Management, Identity and Access Management, Third Party, Encryption, Vulnerability Assessment, Configuration Management, Patching, Network Security, Secure SDLC, Incident Response, and Resiliency.
Strong understanding of technology control frameworks such as COBIT, NIST, ISO27001.
Professional certifications such as CISA, CISM, CISSP.
Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices.
Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
Adapt at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks.
Highly disciplined, able to work with limited supervision and make independent decisions.
Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
High level of professionalism, self-motivation, and sense of urgency.
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans