The Supplier Assurance Services (SAS) team performs comprehensive risk assessments of suppliers within JPMorgan Chase’s (JPMC) Corporate Third Party Oversight (CTPO) program. We support JPMC’s Cybersecurity and Technology functions by designing and implementing controls and processes to further enhance the security posture of JPMC’s supply chain as a part of Global Supplier Services (GSS), reporting directly to JPMC’s Global Head of Corporate Third Party Oversight.

• As a Cybersecurity Assessment Team Lead
• Vice President in Supplier Assurance Services (SAS), you will manage an agile team of cyber risk subject matter experts that will partner with other assessors from SAS to perform cybersecurity control assessments of critical supplier environments while also performing assessments of key suppliers on your own. You and your team will evaluate the effectiveness of controls in supplier infrastructures, application stacks, cloud hosts and other technologies. You and your team will ensure the confidentiality and integrity of JPMC’s data stored in Supplier environments or ensure the availability of JPMC’s services provided by suppliers. Your leadership skills and proven ability to function with minimal day-to-day oversight will help you to navigate complex stakeholder organizations and sensitive JPMC supplier relationships, because your work in SAS will be a critical component of JPMC’s overall defensive risk posture.

Job responsibilities

• Lead your team’s delivery of cybersecurity controls assessments of critical and high risk suppliers, supporting the rest of the assessors in SAS.
• Provide cybersecurity risk and controls expertise during the onsite / virtual assessment of the supplier controls environment.
• Oversee your team’s identification of cybersecurity risks and weaknesses within suppliers’ IT and hosted cloud environments and document remediation plans.
• Identify opportunities for process improvements to deliver increased operational efficiency and opportunities for improving supplier posture including expanded monitoring, key risk indicator tracking, etc.
• Support your team to stay informed of the latest cyber risks in the industry and current adversarial tactics, techniques and procedures in order to create maximum impact to our organization.

Required qualifications, capabilities, and skills

• Minimum 8 years of experience in Technology, Technology Risk & Controls, Cyber Operations, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, or Cyber Resiliency within a large enterprise-level environment.
• Subject matter expertise of cybersecurity operations including defensive architectures and processes to combat adversarial activities
• Proven ability to lead by example
• Strong written and verbal presentation skills at the senior management level including ability to describe cyber risks in terms relatable to business stakeholders
• Experience debating issues with senior decision makers and pushing back when necessary

Preferred qualifications, capabilities, and skills

• Hands-on, practical experience in red teaming, blue teaming or penetration testing
• CISSP, CCSP or similar certifications