Find More Than 52931+ Job Vacancy

JOB DESCRIPTION

Data Loss Prevention Product Governance Lead

The primary responsibility of the Data Loss Prevention Product Governance Associate is to ensure proper governance around products delivering data loss prevention controls. This role falls within the Cybersecurity Operations product line, which includes SIEM, DLP, Digital Forensics, Network Telemetry and File Analysis, Cyber Intelligence, Vulnerability Management, Attack Simulation, and Endpoint Detection and Response.

This Product Governance role is responsible for risk and compliance oversight of the Data Loss Prevention product within the Cyber Operations product line and is focused on ensuring that all operational implementations and measures are managed to the firm's risk and compliance requirements. It will also partner with the product teams to ensure an accurate articulation of risk, an appropriate prioritization of controls in accordance with requirements and risk posture, effective assessment of controls, timely remediation of findings, and complete responses to Audit, Supervisory, and Regulatory requests for information. This role participates in the development, design, and monitoring of corporate and global control programs and acts as a liaison between the Product lines, the Lines of Business, internal and external audit, and regulators.

Key Responsibilities:

• Assist with the design and development of control implementations and their measures based on new and emerging technology solutions
• Employ knowledge of industry best practice and control guidance provided by NIST, CIS, DISA and others
• Ensure existing and new solutions are designed to be continuously compliant with JPMC policies and standards and pertinent regulatory requirements
• Support regulatory engagements
• Collaborate with team members and stakeholders on internal and external audits involving Cyber Operations products
• Provide leadership and advise on material remediation activities, ensure appropriate resolution of issues and action plans, and support the closure verification process
• Communicate risk and other control findings to key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis
• Develop documentation and evidence to support risk decisions for product roadmap prioritization and control implementations
• Drive strategic improvement for measurable and sustainable controls including process enhancements and use of automation
• Define and proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation to address security, risk, and control gaps
• Lead efforts to automate product capabilities for the production, analysis, and reporting of data for assessment and performance and risk indicators
• Establish productive partnerships with LOB, Cyber Architecture, and Product Management teams

Qualifications:

• 5+ years of combined experience across the fields of technology risk and controls, risk assessments, cybersecurity operations, audit and regulatory activities
• Knowledge of Data Loss Prevention and Cybersecurity practices, operations risk management, and engineering threats and vulnerabilities including incident response methodologies
• Understanding of national and international laws, regulations, and policies related to the financial services industry
• Ability to identify Data Loss Prevention security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
• Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, Cybersecurity, or study / experience in a related field is required
• Experience within the Financial Services Industry is preferred
• Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment
• CISSP/CRISC/CISM or equivalent industry certifications

Additional Desired Skills:

• Ability to maintain high standards, prioritize work and drive toward solutions in challenging and/or changing situations
• Proven ability to examine, improve, and execute the organization's existing processes and procedures for risk assessment
• Ability to review, understand, and rely on technical and software documentation and apply that knowledge
• Experience operating in heavily governed environments under compliance, regulatory, or risk reduction controls
• Skillful stakeholder engagement including the ability to interact with all levels of management
• Functional and current knowledge of process-focused methodologies for IT related activities (Networks, Cloud, Change Management, Incident Management, SDLC)
• Proficient verbal and written communication skills including the ability to lead discussions and meetings with internal management, external / internal audit, peer groups, regulators, and senior stakeholders

ABOUT US

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

Equal Opportunity Employer/Disability/Veterans

ABOUT THE TEAM

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.