Vice President - Third-Party Cybersecurity Assessor

County Dublin
Full time
employer logo
JP Morgan
Banking, investment & finance
10,001+ employees
Compare top employers
Apply on company site

The Cybersecurity and Technology Controls Assurance organisation is comprised of highly skilled and passionate cybersecurity professionals whose mission is to create a shared understanding of firmwide tech, data and cyber risk enabling our business and customers to make risk-informed decisions.

As a Vice President - Third-Party Cybersecurity Assessor within the Cybersecurity and Technology Controls Assurance organisation, you will play a crucial role in assessing the health and security of JPMC’s Third-Party suppliers. You will identify risks and gaps in their control maturity, evaluate suppliers’ infrastructure, application and control environments, and provide transparency into the cyber resilience, recoverability and operational/data risks associated with key relationships. This role offers the opportunity to engage with a variety of stakeholders, requiring excellent leadership skills and the ability to navigate complex organisations. Your work will have a critical impact on our company, as well as our clients and our business partners around the world.

Job responsibilities:

  • Partner effectively with third-party SME’s to conduct detailed evaluations of security controls and practises to identify and articulate risks and gaps in security posture to key stakeholders
  • Assess suppliers compliance with cybersecurity standards and exposure to industry risks, provide insights into corrective actions and mitigations that will help to strengthen cyber resilience.
  • Identify opportunities for process improvement throughout the assessment lifecycle, delivering operational efficiencies and improving supplier assurance
  • Providing guidance and advice to Business, Technology and Third-Party supplier groups on cybersecurity best practise
  • Support development of supplier risk metrics to articulate the efficacy of suppliers security arrangements
  • Participate in thematic analysis, identifying trends/common issues in supplier security posture
  • Partner with Product Security, Tech Risk & Controls and Risk Pillar leads to raise awareness and drive improvements in Third-Party control implementations
  • Develop and deliver education/best practices with peers and colleagues, as well as third parties
  • Escalate issues associated with suppliers as needed.

Required qualifications, capabilities, and skills

  • Minimum of 3 years relevant experience in cybersecurity in either control delivery, operations or assessment capabilities
  • Deep understanding of Key Cybersecurity principles and control implementations that mitigate common threat actor techniques (Email, Network, Endpoint, Resiliency & Recovery (incl. response plans), Monitoring, End User Awareness, vulnerability management, Identity and Access Management)
  • Understanding of industry risk frameworks (ISO27001, NIST Cybersecurity Framework, etc.)
  • Ability to clearly translate and communicate cyber risk via written, verbal and presentation formats to a variety of stakeholders in Cyber, Technology and the Business
  • Able to collaborate and navigate organisational levels/boundaries to develop improvement plans and recommended mitigations
  • Highly Analytical, tenacious and inquisitive mindset
  • Self-starter with drive to deliver results and continuous improvement mindset
  • Process engineering and re-engineering skills.

Preferred qualifications, capabilities, and skills

  • CISSP, CISA, CISM, CCSP or CRISC certification is a plus
  • Background in Product Security, Incident Response, Technology/Cyber Audit