Job Description

:

The Cybersecurity & Technology Controls (CTC) group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.

As an Information Security Manager (ISM) in CTC, your primary responsibility is to support the Global Technology and Infrastructure (GTI) group in APAC. This role will partner with CyberSecurity & Global IT stakeholders at varying levels, to ensure JPMC's security architecture, policies, standards, risk management, monitoring, and compliance are followed. In this role you will engage in areas of development, design, and execution of our corporate and global control programs focusing on end user technologies and technology infrastructures in China. You will also interact with management, the internal Lines of Business, audit, and external regulators.

What You Will Be Doing:

• Partner with CTC and our APAC IT Organization to ensure existing and new solutions are designed to meet JPMC policies and standards
• Provide strategic advisory to ensure sound architecture and control effectiveness
• Define, deliver, and maintain secure architectures in existing and future environments consistent of complex, global architectures
• Develop and maintain strong business relationships, influence change as a trusted advisor for your customers
• Provide leadership and drive risk remediation to properly manage risk, issues, action plans, remedies, and closure verification processes
• Methodically challenge assumptions to best support your internal customers
• Ensure all pertinent Information Risk and Control regulatory requirements and policies are understood by internal business partners, technologists, and Information Security Management (ISM) staff
• Ensure the policies are implemented and monitored successfully
• Aid in training and spreading technology risk and control awareness within the organization
• Oversee and ensure proper closure of regulatory change disposition in a timely manner and escalate to senior management as appropriate
• Provide regular management reporting to senior management and relevant stakeholders in business units.

Qualifications:

We are looking for an experienced professional with a wide variety of strengths and capabilities, including:

• Bachelor's degree in Computer Science, Management Information Systems, Information Systems, or a related field is required
• Minimum 10 years of experience in technology risk and controls, security architecture, and risk management
• Background in infrastructure, networking, and endpoint controls
• CISSP/CRISC/CISM or equivalent industry certifications is required
• Business fluency in Mandarin is preferred as the job holder will interact with clients based in China
• Experience within financial services areas is preferred
• Experience supporting a global IT organization through technology audits and regulatory activities
• Experience with security architecture, threat modeling, and vulnerability management
• Experience with regulatory and compliance as it relates to supporting a global IT organization and technology, including but not limited to regional regulators such as HMKA, MAS, RBI, PBOC, CSRC, BNM, OJK and other regional regulators and compliance bodies
• Experience in design, advisory, and oversight of technology risk and control design coordination to mitigate risk for IT control environment
• Ability to operate autonomously and navigate ambiguous situations without direct supervision
• Experience with controls associated with the key cyber capabilities, such as but not limited to:

• Network perimeter and firewall security configuration, LAN, WAN, WLAN, DMZ, Proxy, Private/Public Cloud Controls and Automation
• Application Security, Operating Systems, System hardening standards and configuration monitoring
• End User Networking, Remote and local network access management
• Data protection controls for Network, Email, Web, Middleware, Virtualization and Data Backup & Recovery technology areas

About Us: J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

About the Team: The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.

High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.