Global Supplier Services - Supplier Assurance, VP

Job Description

The Supplier Assurance Services (SAS) team is accountable for executing the global risk management and assessment programs for all in-scope suppliers within JPMC s Corporate Third Party Oversight (CTPO) program. Our team is part of Global Supplier Services (GSS), reporting directly to JPMC s Chief Procurement Officer supporting all Lines of Businesses (LOBs) in all global regions.The Strategic Assessments team within SAS is responsible for performing Third Party IT Security Risks assessments focusing on new supplier onboarding and providing expertise for technologies including cloud, supply chain, emerging and financial technologies (FinTech) strategic to business initiatives. The assessment of the supplier includes infrastructure, application stacks and other technologies to validated implementation and compliance with our Corporate Policies & Standards. This team is accountable for driving several programs that support the Cybersecurity and Technology Controls (CTC) function, including implementing and operating controls and processes that further enhance the firm s security postureAdditional responsibilities include, but are not limited to the following:

• Identifying opportunities to improve Third Party risk posture, developing creative solutions for mitigating risks
• Liaising with JPMC and Third Party s senior managers to communicate and influence decisions on best risk practices
• Driving compliance to adhere to best risk management practices throughout the organizations

As a Third Party IT Security Risk Assessor Lead on the Strategic Assessments team your day to day responsibilities will be to develop and execute firm-wide risk assessments of processes, products or programs, with focus on consistency. This includes:

• Assisting with various Third Party Risk Management program initiatives, working closely with the Third Party Risk Management Leads, to deliver 1st to market technologies to the firm
• Engaging with multiple LOB Delivery Managers for firm-wide suppliers to ensure compliance with required assessments per the JPMC policy and procedures
• Managing all aspects of the risk assessment process and lead onsite assessments of Third Parties, providing the overall technical, risk and security expertise
• Assessing completed questionnaires and supporting field work materials to ensure they are complete and meet JPMC expectations
• Identifying control breaks or vulnerabilities with a Third Party
• Documenting findings, compensating controls and residual risks and work with the LOB Delivery Manager to resolve issues through control breaks, Action Plans (APs) or Risk Acceptances (RAs)
• Validating evidence from Third Party, before Action Plans are closed
• Escalating issues associated with a Third Party
• Identify opportunities for improving Third Party risk posture as well as JPMCs Third Party risk management processes, including expanded monitoring, KRI tracking, etc.
• Supporting internal education and best practices sharing with peers and colleagues, as well as third party education & awareness

Qualifications:

• 7-10 years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS) and Third Party Outsourcing Risk Management within a large enterprise level environment
• 7-10 years of experience using a broad set of technologies throughout the infrastructure and application stacks (e.g., servers, operating systems, applications, databases, hypervisors, virtualization management, containers, security, compute, network, storage, etc.)
• Understanding of network and host-based security technologies, including firewalls, web application firewalls, intrusion detection/prevention, data loss detection/prevention, threat protection, anti-malware, file integrity monitoring, configuration management, etc.
• Understanding of security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc.
• Understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
• Understanding of industry risk frameworks (ISO27001, NIST, MITRE ATT&CK etc.)
• Proficient verbal and written communication skills, including the ability to independently and effectively participate in strategic collaborations with peers across the firm and influence senior management decisions
• Strong organizational skills with an ability to multitask effectively and deliver against commitments
• Bachelor s degree in a relevant discipline preferred
• CISSP, CISA, CISM, CCSP or CRISC certification preferred
• Ability to travel at least 25% of the time

About Us J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives. We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants and employees religious practices and beliefs, as well as any mental health or physical disability needs.About the TeamOur professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we re setting our businesses, clients, customers and employees up for success.,

Keyskills :
web application securityapplication security assessmentsit securitysupply chainsecurity riskcloud securityrisk managementrisk frameworkssecurity testingoperating systemsfinancial servicescreative solutions