Technology & Cybersecurity Information Security Officer (ISO)

JPMorgan Chase is a leading global financial services firm with assets of $2.5 trillion and operations in more than 60 countries. The firm is a leader in investment banking, commercial banking, financial services for small business and consumers, financial transaction processing, asset management and private equity.

About Technology & Cybersecurity CCOR

CCOR Technology & Cybersecurity ("CCOR Tech & Cyber") is a group within the Compliance, Conduct and Operational Risk (CCOR) organization and is responsible for the design and oversight of the second line of defence independent risk management program for technology and cybersecurity risks, leveraging the Operational Risk Framework, regulatory guidance and laws, rules, and regulations.

CCOR Tech & Cyber is seeking a talented candidate for a Vice President role in Switzerland. The EMEA Tech & Cyber team is responsible for the successful implementation and execution of the CCOR Tech & Cyber framework across the region and provides second line of defence challenge and oversight to the technology and cybersecurity partners. It also plays a critical role in key initiatives, oversight of programs and regulatory engagement.

The position reports to the EMEA head of Technology & Cyber CCOR and represents an excellent opportunity for a candidate to:

• Drive the development of the operational risk management practice in a fast-paced and growing business environment.
• Develop knowledge in technology and cybersecurity domains.
• Understand third party risks as applied to technology.
• Partner with the local and global teams across Technology, Cybersecurity and the Compliance, Conduct and Operational Risk (CCOR) organization

Key responsibilities include:

• Provide oversight of technology and cybersecurity controls across the Swiss entities as well as partnering with the local line of business Operational Risk Managers and Information Security Officers in other regions.
• Ensure consistent Information Security Governance processes exist across the legal entity and provide updates as required to management.
• Drive the development of the regional and legal entity alignment to CCOR framework, including IT Risk Profile, KRIs, Loss Data, CORE and Scenario Analysis, as well as, liaise with local regulators in respect of Operational Risk matters, as required.
• Ensure the implementation of appropriate policies, standards, and procedures to reduce the risk of loss of confidential data.
• Ensure that appropriate incident response procedures are in place and integrated with Corporate incident management. Lead significant event reviews (including security events) that exceed thresholds, including but not limited to, examination of event and resolution, back-testing against risk assessment results, metrics, escalations, and reporting.
• Oversee the promotion of a risk and security aware culture and capability amongst all stakeholders as executed by the first line of defence Cybersecurity & Technology Controls (CTC) organisation
• Provide oversight of operational risks through participation in Control Committees, senior level workstreams, major change management programs, point-in-time issue escalation, industry and regulatory meetings, internal strategic efforts, and review of internal operational risk events.
• Stays abreast of industry news and regulatory developments to facilitate a proactive approach to risk identification and mitigation.

Qualifications:

• Extensive experience in technology / technology development and operational risk oversight with experience within the financial services industry highly desired.
• Local regulatory knowledge as it applies to cybersecurity, data safeguarding and technology.
• Knowledge and experience with Information Security and Risk Management standards and frameworks such as NIST, MITRE ATT&CK, FAIR and ISO 27001/27002 and modern development practices and supporting toolsets (e.g. Agile, DevOps, Git)
• Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required
• Understanding of technology risk management and control principles with a proven ability to anticipate and identify risks and effective mitigating actions

• Adept at developing relationships with strong stakeholder management skills with the confidence to take ideas forward and to challenge others, where appropriate
• Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results with a high level of professionalism, self-motivation, and integrity
• Bachelor’s Degree in Computer Science, Computer Engineering, Engineering, Information Security or related field; post-graduate degree a plus
• Professional certifications such as CISSP, CCSP, CISA, CISM, CRISC are beneficial

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.