Information Security

Job Description

Assessment & Assurance (A&A) Team is a global function that provides end to end coverage from Program Management to Assessment Execution of regulatory and asset-based control assessments across Global Technology. The scope of work includes control assessments for the various programs covering Financial (SOX, CCAP etc.), Payment Card (PCI), Cyber, Privacy (GLBA, GDPR etc.), Application (ARA) and Infrastructure (ICA) across both Regulatory and Organizational Compliance needs. These control assessments comply with relevant global regulations and JPMC information security policies, procedures and standards catering to technology teams for all Lines of Business (LOB) in the organization.As an independent function within Assessment & Assurance, the Quality Review( QR ) Team is responsible for:

• Defining a technology quality management program that defines, measures and monitors quality and supports continuous improvement in line with firmwide requirements.
• Developing and conducting a continuous quality review program against internal and regulatory requirements to ensure quality, completeness and accuracy of technology assessments delivered, including pre-closure review of significant issues and findings.
• Specifically, on the centralized assessment execution model that strives to optimize control testing processes and drive efficiencies, the Quality Review Team is integral to ensuring that the centralized assessments meet the quality requirements from internal and regulatory requirements aspects.

This position is part of the QR Team and will be based in either Bengaluru or Hyderabad, India.Primary Responsibilities

• Perform independent Quality review activities to validate quality, completeness and accuracy of technology assessments delivered, including pre-closure review of significant issues and findings stemming from these assessments
• Lead analysis on Quality review findings performed to discern trends and focus areas for appropriate management
• Ability to adapt to JPMC risk methodology and framework and provide quality review outcomes aligned to this approach.
• Actively cross-train in application of Quality Review methodology and practices across technology assessments
• Work with appropriate stakeholders (e.g. assessment leads and Information Security Managers (ISMs)) to identify meaningful improvement and operational excellence opportunities related to assessment quality, assessment process and the Quality Review program.
• Ability to develop quality metrics for reviewed programs using Industry best practices

• Effectively document and communicate findings and reasonable practices to, and build and maintain meaningful collaborations with, appropriate stakeholders
• Effectively supports the teams collective mission and objectives through personal accountability over work tasks and business results
• Actively support continuous internal education practices with peers and colleagues in subject matter areas related to information security, quality assurance, and technology risk management.
• Participate in additional key risk and control projects related to the enhancement of technology risk assessment and measurement programs

Qualifications:

• At least 7 years experience in information security/ technology risk management/ assurance services/ quality review/ risk & control assessments, with a good amount of exposure in designing and evaluating technology processes, risks, and controls
• Have a strong background in Auditing, understanding of internal controls, particularly IT General Computer Controls (ITGC).
• Understands quality management fundamentals (including exposure at identifying, developing, and negotiating quality requirements, procedures, and measurements)
• Be detail oriented with ability to evaluate processes, controls, and issues to determine the risks.
• Adept at task prioritization and ensuring deadlines are consistently met in a high-pressure, multi-stakeholder environment whilst maintaining high quality work
• Good at investigating issues to determine root causes and implications, associated threats and collaborate with internal stakeholders in managing technology risk and evaluating controls
• Strong communication skills, both verbal and written, and can negotiate a challenging situation with ease and proficiency
• Proficient with Microsoft Office product suite, including Project and Visio
• Proven track record of teamwork, collaborating with stakeholders/ customers and driving initiatives
• Should have reasonable knowledge of APAC technology regulatory requirements and risk
• Having attained 1 relevant professional certification will be an added advantage, e.g. CISA/ CRISC
• Preferred qualifications and experiences but not mandatory:
  • Familiarity with the firms technology risk, control and/or compliance assessments and processes
  • Familiarity with JIRA and Agile process.

,

Keyskills :
program managementinternal controlsquality managementrisk assessmentcontrol testingtechnology riskinformation securitymicrosoft officequality assurance