Software Development Toolchain Operational Risk Manager
JP Morgan
Location: Dorset
Job Type: Full time
As part of Risk Management and Compliance, you are at the center of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.
We are seeking a professional who has subject matter expertise in building and using system and software development tooling and toolchains. That expertise will be used to independently drive the risk agenda for technology development across the Global Technology environment and organization. A good understanding of the software development lifecycle (SDLC), including secure coding practices, vulnerability management, use of open-source software, software testing and release management, is essential, as is an understanding of the controls that an automated continuous integration and continuous deployment (CI/CD) pipeline supports.
You will perform independent risk assessments on specific technology either in use in the firm today or proposed, and identify areas of emerging technology that introduce risk and may require risk assessment. You should also understand third-party risks as applied to technology.
Job responsibilities
- Oversight of the enterprise software development toolchain
- Review the software development tools, processes and controls to assess the risks associated with software development, such as inadequate testing or release management
- Assess third-party risks, as vendor software is used in the toolchain for functions such as vulnerability scanning
- Review technology and cyber security risks of the toolchain platform
- Assess the toolchain’s ability to meet the technology development controls
Required qualifications, capabilities, and skills
- Relevant experience in infrastructure/application architecture
- Relevant experience in software development using automated integration and delivery pipelines
- Knowledge of software testing and test methodologies
- Understanding of the software development lifecycle (SDLC), including secure coding practices, vulnerability management, use of open-source software, software testing and release management
- Ability to understand complex technical systems