Cybersecurity and Technology Controls Officer

  • Competitive
  • Glasgow, Scotland, United Kingdom
  • Permanent, Full time
  • J.P.Morgan
  • 14 Nov 18

Cybersecurity and Technology Controls Officer


Business Overview:

J.P. Morgan is a global leader in asset management services. As the Asset & Wealth Management line of business in JPMorgan Chase & Co., we serve four distinct client groups through three businesses: institutional and retail clients through Investment Management, ultra high net worth clients through the Private Bank, and high net worth clients through Private Wealth Management.
J.P. Morgan Asset & Wealth Management (AWM) is a leading asset manager of choice for institutions, financial intermediaries and individual investors, worldwide. With a heritage of more than two centuries, a broad range of core and alternative strategies, and investment professionals operating in every major world market, we offer investment experience and insight that few other firms can match. With clear focus on managing client assets and delivering strong risk-adjusted returns, more than 650 investment professionals provides over 200 different strategies spanning the full spectrum of asset classes, including equity, fixed income, cash liquidity, currency, real estate, hedge funds and private equity and take leadership positions in America, U.K., Continental Europe, Asia, and Japan.

Job Description:
The AWM Cybersecurity and Technology Controls team supports the identification, assessment, and management of technology and data risk across Asset & Wealth Management.
Our Cybersecurity and Technology Controls Officers work with technology teams to design, implement, and assess controls designed to protect the Firm's information and supporting technology platforms. We aim to balance sound control with efficiency, through smart process and automation. Key deliverables and responsibilities supported by our global team that would be extended to this role include but are not limited to the following;

  • Managing risk assessment processes to help our technology teams, control partners, and business stakeholders understand the state of our technology and data control suite, and from there, work together to prioritize and remediate identified gaps
  • Overseeing key operational controls to ensure ongoing operating effectiveness
  • Providing advisory services in shaping next generation controls, and engaging with Internal Audit, Legal and Compliance, and other groups as necessary to support reviews of our control environment
  • Monitor the control environment regarding all technical, financial and operations processes reviewing key controls metrics and engaging stakeholders appropriately to ensure adequate control management
  • Lead the analysis, design and implementation of products, tools and technology delivering control management capabilities and services focussing primarily on application and mobile security
  • Assisting technology teams to drive accelerated development through effective control framework and in particular delivering guidance and support in relation to SDLC and Cloud adoption
  • Provides in-depth analysis of threats, vulnerabilities, secure architecture and design with skills in recommending appropriate solutions to ensure security of information assets
  • Capable of performing threat, vulnerability and risk assessment of complex systems across internal and cloud infrastructure and executing relevant programs to deliver controls uplift
  • Support in data governance and data protection including key regulatory programs
Experience/Education/soft skills;
  • 6-8 years' experience in cybersecurity or technology risk management, preferably for financial institution or strong background in risk advisory
  • Strong working knowledge of risk and controls management principles and processes, secure architecture and design, threats and vulnerability management in the context of application, cloud and mobile security
  • Demonstrated capability of designing and implementing large scale application security and assurance programs
  • Subject matter expert in the field and keeps knowledge and technical skills current; participates and leads technical security forums
  • Proficient and proven track record of delivery cybersecurity products and services within a business domain
  • Track record of implementing successful risk or technology management solutions
  • Track record of developing and maintaining senior-level stakeholder relationships
  • Must be a self-starter and self-motivated and be able to prioritize accordingly depending on demands from technology teams, business and regulatory
  • Be comfortable talking to development teams and offering risk opinions