Bring your expertise to JPMorgan Chase. As part of Risk Management and Compliance, you are at the center of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.

As an Identity and Access Management (IAM) Cybersecurity Risk Lead, as a part of the CCOR Technology & Cybersecurity (“CCOR Tech & Cyber”) group, you will work with Lines of business (LOBs), Regions and Corporate Functions (CFs) to provide independent oversight of first line operational risk management practices and compliance with technology and cybersecurity laws, rules, and regulations. You will be responsible for the review and assessment of governance of cybersecurity processes and controls risks inherent in JPMorgan Chase technology environment.

Job Responsibilities

• Perform deep inspection of specific technologies in targeted processes or firm-wide evaluation.
• Keep abreast of current IAM enforcement actions, regulatory changes and solutions.
• Engage with cyber teams to gain full understanding of cybersecurity and control environment.
• Perform significant event reviews when AIM is a root cause or element
• Assess technology risk across the bank
• Understand IAM security for third party risks as related to specific technology area of expertise.
• Coordinate and participate in the development of the evolving risk position of new technology. For each of the technology areas in focus, this person will be charged with escalating and tracking the individual risk items.
• Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet JPMC policy, regulatory requirements, and industry best practices.
• Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis. Investigate Operational Risk events meeting selection criteria; assist LOB OROs in determining the appropriate consideration of technology risk management and risk events.
• Participate in key IAM governance forums.
• Provide feedback and coordination with the application risk assessment process.

Required qualifications, capabilities, and skills

• BS/BA degree in computer science or equivalent experience
• 5+ years or more proven experience in cybersecurity / with roles involving identity and access management, also with financial services experience
• Knowledge of Identity and Access Management organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities, including incident response methodologies
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required.
• Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices
• Proven track record of taking ideas forward without supervision and challenging others, where appropriate
• Adept at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks
• Highly disciplined, able to work with limited supervision and make independent decisions
• Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results
• Demonstrated verbal and written communication skills, as well as a high level of professionalism, self-motivation, and sense of urgency