Information Security Manager

工作内容

The Chief Technology Office (CTO) oversees enabling technology capabilities inclusive of engineering and architecture tools and practices as well as the firm’s technology workforce strategy. Our mission is to integrate new and emerging technology into the fabric of the firm. Our teams lead the design and development of a range of new and emerging technology capabilities including Blockchain, AI/ML, Core Development, Architecture, Engineering and Data Management. In addition, our research and engineering teams collaborate to take ideas from early-stage research to real world deployments. CTO teams also inspire and engage firmwide technology workforce to anticipate and adopt new technologies, process methodologies, and establish architectural constructs.

As an Information Security Officer (ISM) within CTO, you will focus on improving the end-to-end risk posture for the assigned product group, and ensure appropriate controls are implemented across the technology landscape to operate within risk appetite. This includes a threat driven approach to enable secure from the start adoption of emerging technology and application development. The ISM will be expected to drive effective risk & controls management and support the technology teams through proactive identification of control weaknesses and recommendations for improved security; articulation of the business impact and associated risk; and educate on proactive measures to remediate.

This role requires a wide variety of strengths and capabilities, including:

• Strong leadership skills with exceptional communication and presence
• Advanced knowledge of multiple IT control and project management practices and experience working across large environments
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
• experience in technology risk and controls, risk-based consulting, risk assessments, audit and regulatory activities
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection
• Management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
• Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
• Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
• A detailed understanding of Software Development Lifecycles (SDLC) and Machine Learning Development Lifecycles (MLDLC)CISSP/CRISC/CISM or equivalent industry certifications
• Direct experience in offensive/defensive cyber exercises, such as red teaming, penetration testing, or incident response
  

Knowledge of controls associated with the key infrastructure capabilities, such as but not limited to:

• Network perimeters and firewall security configuration, LAN, WAN, WLAN, SD-WAN
• Operating Systems, System hardening standards and configuration monitoring
• End User Networking, Remote and local network access management
• Application data protection controls for Network, Email, Web, Middleware, Virtualization and Database technology areas
• Encryption, public key infrastructure, and service hardening
• Enterprise authentication and identity management
• System orchestration and lifecycle management
• Knowledge of process-focused methodologies for IT related activities (Networks, Cloud, Change Management, Incident Management, SDLC)
• Knowledge of industry-standard risk/control frameworks: ITIL, COSO, NIST, PCI-DSS, COBIT, etc.
• Proficiency in Information Security domains and best practices
• An understanding of the cyber threat landscape, regulatory environment and industry trends
  

Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you’ll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You’ll also leverage your expert knowledge of today’s ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.

At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.

© 2018 JPMorgan Chase & Co. JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.