Assessment & Exercises - Third-Party Cybersecurity Assessment Architect
1 week ago
Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.
As an Assessments & Exercises Vice President in Cybersecurity and Technology Controls organization, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations (or manage a highly-skilled team that does) and inform analysis to clearly outline root-causes. In this role, evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
In this role you will help to assess the health and security of JPMC’s Third-Party suppliers, identifying risks and gaps in their control maturity. You will evaluate suppliers’ infrastructure, application and control environments providing transparency into the cyber resilience, recoverability and operational/data risks associated with key relationships. This role involves a high-degree of stakeholder engagement, suiting an individual with excellent leadership skills who is able to navigate complex organizations and build relationships across Business and Technology teams. As part of our global team of technologists and innovators, your work will have a critical impact on our company, as well as our clients and our business partners around the world. Successful candidates will help to shape the future of Third-Party cybersecurity assessments for JPMC.
Job responsibilities
- Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements
- Evaluate supplier compliance with cybersecurity standards and exposure to industry risks, provide insights into corrective actions and mitigations that will help to strengthen cyber resilience.
- Assess supplier controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
- Collaborate closely with cross-functional teams to conduct detailed evaluations and develop comprehensive assessment reports of security controls and practices – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that utilize continuous improvement.
- Provide guidance and advice to Business, Technology and Third-Party supplier groups on cybersecurity best practices
- Support development of supplier risk metrics to articulate the efficacy of suppliers security arrangements
- Participate in thematic analysis, identifying trends/common issues in supplier security posture
- Partner with Product Security, Tech Risk & Controls and Risk Pillar leads to raise awareness and drive improvements in Third-Party control implementations
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics
Required qualifications, capabilities, and skills
- 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of control delivery, security testing, assessments, or simulation exercises
- Deep understanding of key cybersecurity principles and control implementations that mitigate common threat actor techniques (Email, Network, Endpoint, Resiliency & Recovery (incl. response plans), Monitoring, End User Awareness, Vulnerability Management, and/or Identity and Access Management)
- Process engineering and re-engineering skills.
- Ability to clearly translate and communicate cyber risk via written, verbal and presentation formats to a variety of stakeholders in Cyber, Technology and the Business
- Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
- Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
- Highly Analytical, tenacious and inquisitive mindset
- Self-starter with drive to deliver results and continuous improvement mindset
- Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels
Preferred qualifications, capabilities, and skills
- Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Offensive Security Certified Professional (OSCP)– showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency
- Knowledge/experience in modern programming language
Background in Product Security, Incident Response, Technology/Cyber Audit
ABOUT USJPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
ABOUT THE TEAM
Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.
-
Third-Party Risk Assessment Specialist
1 month ago
Columbus, Ohio, United States TEKsystems Full timeJob OverviewWe are seeking a qualified candidate for an 18-month contract position focused on Third-party Risk Management.Essential Skills:IT SecurityInformation Risk ManagementSecurity+ CertificationCSP CertificationThird-party Risk EvaluationsPosition Summary:The ideal candidate will possess 2-5 years of experience in an IT-related domain, with at least 2...
-
Third Party Risk
3 weeks ago
Columbus, United States TEKsystems Full timeJob DescriptionJob DescriptionTEKsystems is supporting a Fortune 500 company in Columbus, OH with a Security Analyst opening. Seeking a professional with 2-5 years IT experience with at least 2 years of Information Security exposure.Primary duties will be focused on performing Third-Party Information Risk Assessments. Skills in Python, APIs and/or scripting...
-
Third Party Risk
1 week ago
Columbus, United States TEKsystems Full timeJob DescriptionJob DescriptionTEKsystems is supporting a Fortune 500 company in Columbus, OH with a Security Analyst opening. Seeking a professional with 2-5 years IT experience with at least 2 years of Information Security exposure.Primary duties will be focused on performing Third-Party Information Risk Assessments. Skills in Python, APIs and/or scripting...
-
Lead Cybersecurity Architect
5 days ago
Columbus, United States T-SYZYGY IT SERVICES Full timeJob responsibilitiesEngages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needsDefines the technical target state of their cybersecurity product and drives achievement of the strategyIdentifies opportunities to eliminate or automate remediation of recurring issues to improve...
-
Third-Party Risk Management Senior Analyst
2 weeks ago
Columbus, United States Northwest LLC Full timeThe Third-Party Risk Management (TPRM) Senior Analyst is responsible for facilitating Northwest's risk assessment of third parties and associated services, identifying and documenting inherent risks, and working with business owners and stakeholders to ensure appropriate strategies are in place to manage risks. Essential Functions •Work directly with...
-
Third-Party Risk Management Senior Analyst
2 weeks ago
Columbus, Ohio, United States Northwest LLC Full timeJob Title: Third-Party Risk Management Senior AnalystJob Summary:The Third-Party Risk Management Senior Analyst is a critical role within Northwest LLC, responsible for facilitating the risk assessment of third-party vendors and services. This position requires a strong understanding of risk management principles and the ability to work closely with business...
-
Cybersecurity Architect
2 weeks ago
Columbus, OH, United States myGwork Full timeThis job is with Fiserv, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. Calling all innovators - find your future at Fiserv. We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the...
-
Third Party Risk Specialist
22 hours ago
Columbus, Ohio, United States TEKsystems Full timeJob OverviewTEKsystems is supporting a Fortune 500 company in Columbus, OH with a Security Analyst opening. The ideal candidate will have 2-5 years of IT experience and at least 2 years of Information Security exposure.Key Responsibilities:Perform Third-Party Information Risk AssessmentsDevelop and implement risk mitigation strategiesCollaborate with...
-
Third-Party Risk Management Senior Analyst
2 weeks ago
Columbus, United States Northwest Bancorp, Inc. Full timeThe Third-Party Risk Management (TPRM) Senior Analyst is responsible for facilitating Northwest's risk assessment of third parties and associated services, identifying and documenting inherent risks, and working with business owners and stakeholders Senior Analyst, Relationship Manager, Risk, Management, Risk Analyst, Senior, Banking
-
Third Party Risk Specialist
4 days ago
Columbus, Ohio, United States TEKsystems Full timeJob OverviewTEKsystems is supporting a Fortune 500 company in Columbus, OH with a Security Analyst opening. The ideal candidate will have 2-5 years of IT experience and at least 2 years of Information Security exposure.Key Responsibilities:Perform Third-Party Information Risk AssessmentsDevelop and maintain risk assessment reportsCollaborate with the team to...
-
Cybersecurity Project Manager
4 weeks ago
Columbus, Ohio, United States NiSource Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Project Manager to join our team at NiSource. As a Cybersecurity Project Manager, you will be responsible for guiding cross-functional cybersecurity teams using Agile and waterfall methodologies to achieve cybersecurity objectives.Key ResponsibilitiesProject Planning: Develop and maintain project...
-
Cybersecurity Architect Lead
2 weeks ago
Columbus, Ohio, United States JPMorganChase Full timeJob Title: Lead Cybersecurity ArchitectAs a key member of the Cyber and Tech Controls line of business at JPMorgan Chase, you will play a critical role in developing high-quality cybersecurity solutions for various software applications on modern cloud-based technologies. Your expertise in cybersecurity architecture will be instrumental in identifying,...
-
Senior Cybersecurity Architect
1 week ago
Columbus, Ohio, United States JPMorganChase Full timeJob OverviewWe are seeking a highly skilled Senior Lead Cybersecurity Architect to join our team at JPMorgan Chase. As a key member of our Cyber Security organization, you will play a vital role in shaping the future of our company's network security.As a trusted advisor, you will work closely with technical teams and business stakeholders to discuss and...
-
Cybersecurity Architect Lead
7 days ago
Columbus, Ohio, United States JPMorganChase Full timeJob Title: Senior Lead Cybersecurity ArchitectWe are seeking a highly skilled Senior Lead Cybersecurity Architect to join our team at JPMorgan Chase. As a key member of our Cybersecurity and Technology Controls organization, you will play a vital role in shaping the future of our company and making a direct impact in a dynamic environment designed for top...
-
Senior Cybersecurity Architect
4 days ago
Columbus, Ohio, United States JPMorganChase Full timeJob OverviewWe are seeking a highly skilled Senior Lead Cybersecurity Architect to join our team at JPMorgan Chase. As a key member of our Cyber Security organization, you will play a vital role in shaping the future of our company's network security.As a trusted advisor, you will incorporate knowledge of emerging threats, business goals, and system design...
-
Cybersecurity Project Manager
2 weeks ago
Columbus, Ohio, United States NiSource Full timeCybersecurity Project Manager Job DescriptionJob Summary:NiSource is seeking a highly skilled Cybersecurity Project Manager to join our team. As a Cybersecurity Project Manager, you will be responsible for guiding cross-functional cybersecurity teams using Agile and waterfall methodologies to achieve cybersecurity objectives.Key Responsibilities:Lead and...
-
Cybersecurity Project Manager
3 weeks ago
Columbus, Ohio, United States NiSource Full timeCybersecurity Project Manager Job DescriptionNiSource is seeking a highly skilled Cybersecurity Project Manager to join our team. As a Cybersecurity Project Manager, you will be responsible for guiding cross-functional cybersecurity teams using Agile and waterfall methodologies to achieve cybersecurity objectives.Key Responsibilities:Lead and coach...
-
Cybersecurity Solutions Architect
2 weeks ago
Columbus, Ohio, United States Palo Alto Networks Full timeAbout the RolePalo Alto Networks is seeking a highly skilled Cybersecurity Solutions Architect to join our team. As a key member of our sales team, you will be responsible for partnering with our customers to secure their entire digital experience.As a Cybersecurity Solutions Architect, you will drive and orchestrate large complex sales cycles, working with...
-
Cybersecurity Project Manager
2 weeks ago
Columbus, Ohio, United States NiSource Full timeCybersecurity Project Manager Job DescriptionNiSource is seeking a highly skilled Cybersecurity Project Manager to join our team. As a Cybersecurity Project Manager, you will be responsible for guiding cross-functional cybersecurity teams using Agile and waterfall methodologies to achieve cybersecurity objectives.Key Responsibilities:Lead and coach...
-
Supervisor Quality Assurance
1 month ago
Columbus, United States Abbott Laboratories Full timeSupervisor Quality Assurance Third Party ManufacturingAbout AbbottAbbott is a global healthcare leader, creating breakthrough science to improve peopleâs health. Weâre always looking towards the future, anticipating changes in medical science and technology.Our nutrition business develops science-based nutrition products for people of all ages,...