JPMorgan Chase Global Cybersecurity Technology Controls – PCI Business Assessment Lead in Tampa, Florida
The Cyber & Technology Controls (CTC) team establishes the framework and provides guidance to the Enterprise Technology (ET) organization for managing risks, assessing controls and engaging with internal and external organizations to determine adequacy of the control environment. The CTC team supporting Enterprise Technology is responsible for governance and execution of risk programs to identify and mitigate risks within the organization. This includes ensuring adherence to existing policies and standards, regulatory requirements or best business practices.
As part of the Global Cyber Technology Controls team, the PCI Business Assessment Lead, Line of Business is responsible for overseeing compliance with the PCI DSS within the assigned Line of Business. This is a highly visible role responsible for driving execution with product, technology, and business teams to ensure compliance with PCI DSS.
Works with Line of Business as a single point of contact managing all aspects of the annual PCI Data Security Assessment.
Serves as a technical expert with PCI subject matter expertise for the Line of Business.
Leads interaction with all Line of Business product teams for all PCI support activity.
Works with the Line of Business teams to define PCI scope.
Performs QA on all evidence prior to presentation to QSA.
Oversees the completion of a Self-Assessment Questionnaire (where applicable).
Provides leadership and advice on material remediation activities ensuring appropriate resolution of issues, action plans, breaks and remedies and supports the closure verification process.
Collaborates with other PCI Assessment team members and stakeholders on PCI mandated, line of business, and risk and control projects.
Provides direction for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques.
Partners with other Global Cyber and Enterprise Technology teams to create and proactively monitor Key Risk Parameters designed to identify non-compliant conditions and assist in remediation with compensating controls (if needed) to address security, risk and control gaps.
Aids in training and spreading PCI compliance awareness within the organization.
Develops and maintains strong business and technology relationships, becoming a trusted partner within Line of Business.
Communicates risk and other control findings with key stakeholders, develops recommendations and provides accurate metrics and management reports on a timely basis.
Provides guidance on remediation activities as they pertain to Line of Business products and services, ensuring appropriate resolution of issues, action plans, breaks and remedies, and supports the closure.
Minimum of 5-7 years of experience in technology risk and controls, risk-based consulting, and risk assessments. Minimum of 1-4 years of experience in PCI.
Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field. Experience within financial services areas is preferred.
Proven skills in the management, implementation and monitoring of controls and processes related to PCI DSS.
Knowledge and prior experience with all domains of Technology Infrastructure.
Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment.
Detail-oriented self-starter with strong conceptual, analytical, decision-making, planning, time management and prioritization skills.
Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization.
Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver.
Aptitude to up-skill and learn new technologies based on dynamic requirements.
Evaluating and making recommendations/decisions on technical options as appropriate.
Self-starter with high energy to meet the needs of a demanding business and IT environment.
Able to review, understand, and rely on technical and software documentation and put that knowledge into practice.
Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls.
Advanced understanding of best practices and company policies.
Ability to interact with technical, non-technical, and business members of the organization.
Knowledge of process-focused methodologies for IT related activities (Change Management, Incident Management, and SDLC).
Certification as QSA, ISA, CISSP, CISA, or other relevant qualifying certifications.
Exposure to IT Risk and Process frameworks: PCI DSS, COSO, COBIT, NIST, ITIL.
JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.