Assessments and Exercises Associate - Firmwide Technology Resiliency
JPMorganChase
Embark on a journey to fortify our security framework, leveraging your skills in assessments and exercises. This role offers a platform to contribute to our relentless pursuit of cybersecurity excellence and resilience, presenting a unique chance to impact our strategic approach to risk management and operational integrity.
As an Assessments & Exercises Associate in Cybersecurity & Tech Controls, you will play a vital role in enhancing the firm's cybersecurity or resiliency posture. Use industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Collaborate with a team to conduct risk-driven tests and simulations and contribute to the development of assessment and test reports. Help evaluate preventative controls, incident response processes, and detection capabilities, and explore opportunities to automate evaluation operations.
Job responsibilities
- Supports the APAC technology resiliency governance function through maintenance of up-to-date policies, standards, and procedures that align with global standards, firmwide OKRs, and APAC regulatory requirements
- Drives identification of local jurisdictional requirements and treatment of gaps in JPMC’s controls framework in collaboration with key stakeholders
- Facilitates governance oversight of resilience metrics and jurisdictional requirements across LOB Technology teams in region
- Prepares detailed reports, dashboards, and key metrics for management and regulatory reviews, supporting transparency and informed decision-making across the region.
- Supports regulatory and audit engagements pertaining to the risk area, with a focus on queries related to control design
- Drives technology resiliency initiatives and goals through regional working groups, collaborating with key stakeholders from FTR, third-party assurance, and LOB technology resiliency leads
- Tracks and follows up on action items from risk assessments, audits, and regulatory findings, ensuring timely resolution and compliance
- Plan, design, and conduct resiliency simulations and testing in accordance with the firm’s business and technology standards as well as global regulatory framework. This includes all aspects of exercise project management such as scheduling meetings, reserving venues, designing and facilitating discussions, and providing project updates to senior leaders
- Drive or support post-incident and post-exercise after-action reviews and reporting. Work with key stakeholders to identify and synthesize corrective actions, implement tracking/monitoring of progress, and design future simulations to validate improvements
Required qualifications, capabilities, and skills
- Bachelor’s Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
- 2+ years of experience in cybersecurity or resiliency, with a focus on offensive security testing, assessments, or simulation exercises
- Working knowledge of common cybersecurity threats and technology resiliency risks pertaining to the financial services sector
- Strong collaboration and communication (written and verbal) skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts to diverse stakeholders
- Excellent writing skills and ability to communicate effectively. Proficiency in the use of Microsoft Office and related technologies.
- Strong skills in metrics development, risk analysis & visualization, and automation are required
- Experience developing and presenting briefings to collaborative partners in addition to large group meeting facilitation and logistics planning
Preferred qualifications, capabilities, and skills
- Preferred experience in Information Technology, Operational Resilience, Information Assurance, Cybersecurity, and/or Banking/Finance (equivalent experience accepted in lieu of degree)
- Relevant industry certifications preferred – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Offensive Security Certified Professional (OSCP) – showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency
- Experience working across multiple, parallel, complex engagements collaboratively with a diverse set of stakeholders, subject matter experts, and senior leaders to build requirements and execute across a core set of defined milestones
- Keen ability to assess emerging risks & vulnerabilities and synthesize outcomes into clear messaging for executive leadership that drives actions and accountability
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.
Boost firm's security and resilience using proactive assessments and innovative exercises to identify risks and vulnerabilities.