JPMorgan Chase Global Cybersecurity Technology Controls – PCI Assessment Lead, Cyber in Plano, Texas

The Cyber & Technology Controls (CTC) team establishes the framework and provides guidance to the Enterprise Technology (ET) organization for managing risks, assessing controls and engaging with internal and external organizations to determine adequacy of the control environment. The CTC team supporting Enterprise Technology are responsible for governance and execution of risk programs to identify and mitigate risks within the organization. This includes ensuring adherence to existing policies and standards, regulatory requirements or best business practices.

As part of the Global Cybersecurity Technology Controls team, the PCI Assessment Lead, Cyber is responsible for overseeing compliance with PCI DSS within CTC-Cyber LOB. This is a highly visible role responsible for driving execution with product, technology, and business teams to ensure compliance with PCI DSS.

Key Responsibilities:

  • Work with Cyber control owners to strategize solutions that are designed to be continuously in synch with JPMC policies and standards, the Cyber environment, and compliance with the PCI DSS.

  • Serves as a technical expert with PCI subject matter expertise for the Enterprise Technology function. Includes infrastructure, architecture, and cloud.

  • Leads interaction with all Cyber product teams for all PCI support activity.

  • Provide leadership and advice on material remediation activities ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure verification process.

  • Coordinate activities and information around multiple projects and initiatives related to PCI as well as other risk and control objectives.

  • Collaborate with Assessment team members and stakeholders on PCI mandated, line of business, and risk and control projects.

  • Provide strategic drive for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques.

  • Partnering within Cyber to create and proactively monitor Key Risk Parameters designed to identify non-compliant conditions and assist in remediation with compensating controls (if needed) to address security, risk and control gaps.

  • Aid in training and spreading PCI compliance awareness within the organization

  • Develop and maintain strong business and technology relationships, becoming a trusted partner within Cyber.

  • Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis

  • Capture, review and analysis of PCI required documentation, ensuring Cyber readiness for firm-wide assessments.

  • Provide guidance on remediation activities as it pertains to Cyber products and services ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure.

Basic Qualifications:

Candidates with a minimum 5-7 years of experience in technology risk and controls, risk based consulting, and risk assessments. Minimum of 1-4 years of experience in PCI.

  • Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field. Experience within financial services areas is preferred.

  • Proven skills with the management and implementation and monitoring controls and processes related to PCI DSS

  • Knowledge and prior experience with all domains of Technology Infrastructure.

  • Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment.

  • Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills.

  • Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization.

  • Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver.

  • Aptitude to up-skill and learn new technologies based on dynamic requirements.

  • Evaluating and making recommendations/decisions on technical options as appropriate.

  • Self-starter with high energy to meet the needs of a demanding business and IT environment

Preferred Skills:

  • Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice.

  • Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls.

  • Advanced understanding of best practices and company policies.

  • Ability to interact with technical, non-technical, and business members of the organization

  • Knowledge of process-focused methodologies for IT related activities (Change Management, Incident Management, and SDLC).

  • Certification as QSA, ISA, CISSP, CISA, or other relevant qualifying certifications

  • Exposure to IT Risk and Process frameworks: PCI DSS, COSO, COBIT, NIST, ITIL.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.