JPMorgan Chase Real Time Communications Risk & Control Lead in Columbus, Ohio
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of > $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Global Technology Infrastructure (GTI) is the technology infrastructure organization for the firm, delivering a wide range of products and services, and partnering with all lines of business to provide high quality service delivery, exceptional project execution and financially disciplined approaches and processes in the most cost effective manner. The objective of GTI is to balance both business alignment and the centralized delivery of core products and services. GTI is designed to address the unique infrastructure needs of specific lines of business and the demand to leverage economies of scale across the firm.
Real Time Communication (RTC) delivers measurable business value by providing core Voice and Data technology solutions that meet business demand while realizing cost efficiencies. RTC works with our Line of Business partners to develop standardized, resilient operating environments and implement a global technology strategy for the firm's Telephony, Trader Voice, Voice Recording, Contact Center, Telepresence and Conferencing systems; supporting over 380k users globally.
The Risk & Control Lead is responsible for designing and implementing controls governance processes, monitoring and reporting against the firms Controls Policy for the global voice infrastructure, middleware and application environments. This portfolio includes CISCO UC, voice gateways, CUBE and Avaya PBXs which provide Voice Services to the Corporate, Retail and Contact Center lines of business worldwide. Responsibilities will include but not be limited to: Identifying, reporting and governance of security control gaps and policy breaks for all aspects of Systems Hardware and Software, Infrastructure Controls Assessment and Application Control Assessment management/governance and global regulatory requirements.
The candidate must have Unified Communication (Cisco Infrastructure and Application Operations) experience supporting large scale carrier or financial institution infrastructure and controls environments. The candidate will also need to have experience in managing global vendor contracts and regulatory policy (Luxenberg, Johannesburg etc.).
He/She will need to have a deep understanding and proven experience within the following areas: Voice & Data Transport systems, Desktop and Server Operating System / Software deployment, ITIL Methodology, Performance Metrics & Reporting, Process Re-Engineering, Technical Problem Resolution, Business Applications Knowledge, Change Management, Corporate IT Audit Process, IT Risk Management, Asset/Inventory Management, Risk Assessment, Customer Service, Foundation Architecture Knowledge and Infrastructure Product Knowledge.
The successful candidate will have versatility as their key strength: the ability to understand multiple roles across the organization: operations manager, developer, architect, innovator etc.. We are looking for a candidate who is well-rounded in their technology experience and is willing to take on new challenges, as our infrastructure may move in technical directions that we cannot foresee today. The ability to work in a dynamic, global team oriented environment is key to this position. The ideal candidate will look at new technology as an opportunity and provide innovative solutions to unique challenges.
Other Role requirements:
Analytical and objective – able to elaborate on, characterize, assess and evaluate technology and tech-related risks dispassionately and rationally.
An influencer and facilitator – able to build strong interpersonal relationships, and inform, guide and motivate managers and technologists to address risks with due care and attention to detail. Comfortable speaking with senior leaders within the firm, and arguing valid points to proper risk conclusion.
Strong communication skills – able to explain risks that are often complex and obscure to non-specialists, and (just as importantly) good at listening and sensitively interpreting others.
A self-motivated leader - demonstrating a passion for and thought-leadership in this domain; raising your hand when necessary and able to engage with senior leadership with confidence who will rely on your expert opinions in risk and controls, and to disagree when necessary without fear of impunity.
Confident and trustworthy - keen to earn the respect and trust of, and inspire, others. Integrity is the stalwart of a security professional in the domain they are assigned.
Risk and Controls Experience:
Several years of experience / knowledge in Technology Risk Management or Technology Audit working for a financial institution.
Understanding of control frameworks and industry standards including COBIT, ISO 27001, NIST and ITIL.
Experience conducting audits of policy and compliance to standards, including liaison with internal and external auditors.
Applied experience in technology control assurance and control issue remediation.
Understanding of Application controls and best practice mitigating lifecycle risk.
Key Technology Skills:
Security + Certification at https://certification.comptia.org/certifications/security#examdetails or equivalent certification
CRISC or CISA at https://www.isaca.org/pages/default.aspx
Strong understanding of SDLC process, able to contribute within the framework of Secure from The Start SDLC methodology.
Strong understanding of Agile process, able to contribute within the framework of Agile methodology.
Ability to conduct and perform system risk and information security risk assessment and gap analysis process.
Ability to review and understand the information security risk related policies, standards and procedures documentation related to the line of business supported.
Strong understanding of security fundamentals ( ie: Firewall, encryption, network security)
5+ years of experience with InfoSec policy compliance and risk management supporting an IT domain, including Application Development, Infrastructure Operations or a related discipline.
Key Soft skills:
Strong presentation, communication and stakeholder management skills.
Experience presenting to senior management.
Develops and maintains effective working relationships with the stakeholders and the various control or extended control functions.
Client focused and service orientated. Proactively engages with stakeholders and maintains effective working relationships.
Ability to handle difficult discussions and present complex technical issues to non-technical audiences.
Demonstrates and fosters teamwork. Ability to work as part of a team and to make positive contributions.
Strong diversity skills able to communicate effectively with people from different cultural backgrounds.
Excellent English comprehension skills; ability to infer meaning from context
Preferred Skills / Other Considerations
CISSP and PMP certification a plus.
Other IT certifications a plus.
Project management experience
Financial services experience
Extensive experience in technology or IT risk management, preferably from financial institution and/or strong background in IT Risk Advisory
Demonstrated capability of designing and implementing cross-functional programs; strong project management skills
Proven ability to work collaboratively and multi-task successfully with quality and timeliness equally
Experience of implementing successful risk or technology management solutions
College degree with relevant discipline required
JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.