Key Responsibilities:
- Investigation, analysis, documentation, remediation, tracking and reporting of technology risk and control identification and remediation
- Ensure existing and new solutions are designed to be continuously in synch with JPMC policies and standards, and the GTI Sustained Engineering operating environment
- Collaborate with team members and stakeholders on firm mandated, cross line of business, regional audit and risk and control projects.
- Provide strategic drive for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques.
- Proactively monitor Key Risk Parameters to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps.
- Provide leadership and advice on material remediation activities ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure verification process
- Aid in training and spreading technology risk and control awareness within the organization
- Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
- Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis
Candidates with a minimum 10+ years of experience in technology risk and controls, risk based consulting, risk assessments, audit and regulatory activities:
- Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field is required. Experience within financial services areas is preferred.
- Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment.
- Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills.
- Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization
- Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver.
- Aptitude to upskill and learn new technologies based on dynamic requirements.
Knowledge of controls associated with the key infrastructure capabilities, such as but not limited to:
- Network perimeters and firewall security configuration
- System hardening standards and configuration monitoring
- Remote and local network access management
- Application data protection controls for Network, Email, Web, Middleware and Database technology areas
- Knowledge of the latest networking and security trends
- Experience in PCI-DSS audit & compliance requirements and attestation
Preferred Skills:
- Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice.
- Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls.
- Ability to maintain high standards with a drive to achieve the right answer in difficult and/or ever changing situations.
- Stakeholder engagement skills, including ability to interact with senior levels of management.
- Advanced understanding of best practices and company policies.
- Ability to interact with technical, non-technical, and business members of the organization.
- Knowledge of process-focused methodologies for IT related activities (Networks, Cloud, Change Management, Incident Management, SDLC ).
- Exposure to IT Risk and Process frameworks: COSO, COBIT, NIST, Cybersecurity Horizontal reviews, ITIL.
by via developer jobs - Stack Overflow
No comments:
Post a Comment