About Technology & Cybersecurity CCOR
Technology & Cybersecurity CCOR (Compliance, Conduct and Operational Risk) is a firm-wide group with oversight responsibility for the implementation of the risk management framework for Global Technology.
Tech and Cyber CCOR interacts directly with executive leadership, key functional areas of Technology, and Operational Risk Officers across lines of business.
Our organization is focused on cultivating a stronger, unified culture that embraces a sense of personal accountability for developing the highest corporate standards in technology governance and controls across the firm.
Business priorities are built around the need to strengthen and guard the firm from the many risks we face, and around financial rigor, risk discipline, fostering a transparent culture and doing the right thing in every situation.
We are equally focused on nurturing talent, respecting the diverse experiences that our team of professionals brings and embracing an inclusive environment.
Technology & Cybersecurity Operational Risk Manager
Key responsibilities include:
Drive the development of the regional and legal entity alignment to the CCOR framework, including IT Risk Profile, KRIs, Loss Data, CORE and Scenario Analysis, and liaise with EU regulators in respect of Operational Risk matters, as needed.
Significant Event Reviews - Review significant events (including security events) over a defined economic threshold, including but not limited to, examination of event and resolution, back-testing against the firm’s risk management framework results, metrics, escalations, reporting, and scenarios
Continuous Testing & Monitoring - Perform oversight of operational risks through participation in Control Committees, senior level work streams, major change management programs, point-in-time issue escalation, industry and regulatory meetings, internal strategic efforts and review of internal operational risk events
Ensure consistent Information Security Governance processes exist across EU legal entities and provide updates as required to management (including Management Board members as needed)
Emerging Risk Assessment - Participate in assessment of emerging risks as part of strategic business risk reviews, analysis of regulatory and market developments, New Business Initiative Approvals and review of external operational risk events
Key Risk and Performance Indicators & Analytics - Governance of Key Performance Indicators including analysis of trends, outliers and underlying drivers, including support for the quarterly firm-wide Qualitative Operational Risk Appetite process
Work with technology, operational, procurement and data protection stakeholders to ensure appropriate processes, roles and controls are in place to manage and govern the cloud computing environment and its daily operations
Stay abreast of EU Industry news and regulatory developments to facilitate a more proactive approach to risk identification and mitigation.
Review root cause analysis on internal Tech operational risk events and those that occur externally in the industry
The role supports the JPMBL Information Security Officer:
Provide oversight of technology and cyber security controls across JPMBL and other EU entities
Monitor the implementation and effectiveness of control solutions across JPMBL Technology
Ensure robust and effective regulatory engagement and compliance of JPMBL Technology
Ensure the implementation of appropriate policies, standards and procedures to reduce the risk of loss of confidential data
Ensure that appropriate incident response procedures are in place and integrated with Corporate event management
Oversee the promotion of a risk and security aware culture and capability amongst all stakeholders as executed by the 1st Line of Defence Cybersecurity & Technology Controls (CTC) organisation
5+ years’ experience in technology with recent experience focused on financial services highly desired
Knowledge of EU Technology regulations is a must (e.g. CSSF, EBA Guidelines etc.)
Knowledge and experience with Information Security and Risk Management standards and frameworks such as NIST, MITRE ATT&CK, FAIR and ISO 27001 / 27002
Knowledge of modern development practices and supporting toolsets (e.g. Agile, DevOps, Git)
Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required
Understanding of technology risk management and control principles with a proven ability to anticipate and identify risks and effective mitigating actions
Knowledge of current and emerging technologies and threat vectors
Adept at developing relationships with strong stakeholder management skills with the confidence to take ideas forward and to challenge others, where appropriate
Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results with a high level of professionalism, self-motivation, and integrity
Bachelor’s Degree in Computer Science, Computer Engineering, Engineering, Information Security or related field; post-graduate degree a plus
Experience in technology development and operational risk oversight within the financial services industry.
CISSP, CCSP, CISA, CISM, CRISC is beneficial