JOB DESCRIPTION
As a Supplier Cybersecurity Assessor - Vice President in Global Supplier Services, you will conduct comprehensive technology and cybersecurity control assessments of supplier environments, including services hosted on public cloud platforms. You will partner with stakeholders to ensure the confidentiality, integrity, and availability of JPMorgan Chase’s data and services. Your expertise will help drive improvements in our supplier risk posture and support the firm’s overall defensive strategy.
Job Responsibilities:
- Review supplier security stacks and conduct fieldwork with internal and external stakeholders to ensure alignment with JPMorganChase expectations.
- Provide cybersecurity risk and controls expertise during onsite and virtual assessments of supplier control environments.
- Identify cybersecurity risks and weaknesses within supplier IT and hosted cloud environments, and document remediation plans.
- Stay informed of the latest cyber risks and adversarial tactics to maximize assessment effectiveness.
- Identify and recommend process improvements to enhance operational efficiency and supplier risk posture, including expanded monitoring and key risk indicator tracking.
Required Qualifications, Capabilities, and Skills:
- 10 years of experience in Technology, Technology Risk & Controls, Cyber Operations, Application Security, Cloud Security (SaaS, PaaS, IaaS), Network Security, or Cyber Resiliency within a large enterprise environment.
- Subject matter expertise in cybersecurity operations, including defensive architectures and processes to address adversarial activities.
- Proficiency in incident management, incident handling, investigations, and root cause analysis.
- Strong written and verbal communication skills, with the ability to present complex cyber risks to senior management and business stakeholders.
- Experience engaging with senior decision makers and constructively challenging when necessary.
Preferred Qualifications, Capabilities, and Skills:
- Practical experience in red teaming, blue teaming, or penetration testing.
- CISSP, CCSP, or similar cybersecurity certifications.