Resiliency Assurance Lead
Job Type: Full time
Cyber Security & Technology Controls (CTC) ensures the security and resiliency of the firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. Accomplished through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services focused on improving the firm's risk posture. The IT Risk team is composed of firm-wide functions (IT Risk Management, Infrastructure Security Solutions, Identity & Access Management, Application security and Technology resiliency) as well as business-aligned risk & resiliency management teams that affect the technology risk program across JPMC.
The VP, Global Cyber Security & Recovery Resiliency Architect will be responsible for partnering with Cybersecurity, LOB Resiliency Leads and technologists across the firm in developing real life scenarios and appropriate solutions where gaps exist. Ensuring that resiliency is designed across the life cycle of both infrastructure technology and applications, thereby driving the timely and successful execution of the firm wide Recovery and Resiliency strategy within the Cyber Security arena.
The successful candidate will be a strong technologist who is flexible, resilient, an innovative thinker, as well as a natural collaborator with enterprise architects, engineers, developers, and senior management from across the organization. The resiliency architect is expected to lead and promote resilient architecture enabling resiliency/agility within our global technology products. In addition, the candidate must possess strong technical leadership skills, the ability to influence at all levels of the organization, demonstrated success in working with teams particularly in a matrix fashion, and communicate effectively through clarity of thought and demonstrated understanding of business and technical requirements.
Position Key Responsibilities:
- Work closely with LOB architects and GTI infrastructure technologists to develop resilient architectures, design patterns and solutions that cover all resilient scenarios traditional Disaster recovery as well as Cyber recovery
- Partner with CTC testing Simulation, Infrastructure and Application development teams to develop new testing scenarios and capabilities
- Provide key SME leadership across the technology organization on resiliency programs and initiatives
- Develop and implement resiliency controls to provide continuous monitory of the Firms capability to recover from a malware event
- Define and implement post-mortem / root-cause analysis processes – develop improved testing scenarios based upon analysis
- Ensure all implemented cyber resiliency solutions have validation plans in place including continuous improvement plans
- Ensure that Cyber malware recovery playbooks are clearly defined, documented, communicated, adhered to, and are audit compliant
- strong hands-on experiences and technical depth in one, or more technology areas, including Data security, Infrastructure security, Endpoint/Platform security, Distributed Technologies, Replication technology, Cloud or Application Security.
- Knowledge of network security architecture concepts, including topology, protocols, components, and principles would be advantages
- Some Programming experiences in one or more languages (scripting/functional/imperative -- C/C++, Java, Python, Scala, R, SQL, etc.) would be advantages
- Proven leader with successful track record driving large scale technology projects from inception to implementation
- Strength in both business and technical requirements analysis
- Strong written and verbal communication skills
- Ability to think strategically about how to create firm wide solutions to meet business requirements and ability to communicate effectively to both business and technical audiences
- Ability to orchestrate and drive complex strategies and solutions
- Proven ability to build strong, cohesive partnerships with the business, operations, technology & other key stakeholders, including external vendor partners, and work effectively in a matrix organization.
- Superior analytical and problem-solving skills
- Prior experience working with external auditors and regulators
- In depth knowledge of system and application vulnerabilities e.g. OWASP, NIST, SANS…
- Ability to present to larger audience and manage large working group.
- Ability to keep abreast with latest threats, attacking techniques and mitigating strategies.
- Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, implicitly / minimization...)
- Skill in conducting security design reviews and recognizing vulnerabilities in systems
- Prior experience in cybersecurity design / engineering would be advantageous
- Prior experience in disaster and/or cyber recovery planning and testing would be advantageous
- Bachelor's degree in Computer Science, or a related field
- CISSP, CISM, CISA, CRISC a bonus
The ideal candidate would have been in a cybersecurity engineering / architecture role with some application knowledge