Technology & Cybersecurity Operational Risk Manager
J.P. Morgan
Senningerberg, Luxembourg, Luxembourg
1 day ago

About Technology & Cybersecurity CCOR

Technology & Cybersecurity CCOR (Compliance, Conduct and Operational Risk) is a firm-wide group with oversight responsibility for the implementation of the risk management framework for Global Technology.

Tech and Cyber CCOR interacts directly with executive leadership, key functional areas of Technology, and Operational Risk Officers across lines of business.

Our organization is focused on cultivating a stronger, unified culture that embraces a sense of personal accountability for developing the highest corporate standards in technology governance and controls across the firm.

Business priorities are built around the need to strengthen and guard the firm from the many risks we face, financial rigor, risk discipline, fostering a transparent culture and doing the right thing in every situation.

We are equally focused on nurturing talent, respecting the diverse experiences that our team of professionals brings and embracing an inclusive environment.

Technology & Cybersecurity Operational Risk Manager

Key responsibilities include:

Drive the development of the regional and legal entity alignment to the CCOR framework, including IT Risk Profile, KRIs, Loss Data, CORE and Scenario Analysis, and liaise with EU regulators in respect of Operational Risk matters, as needed.

Significant Event Reviews - Review significant events (including security events) over a defined economic threshold, including but not limited to, examination of event and resolution, back-testing against the firm’s risk management framework results, metrics, escalations, reporting, and scenarios

Continuous Testing & Monitoring - Perform oversight of operational risks through participation in Control Committees, senior level work streams, major change management programs, point-in-time issue escalation, industry and regulatory meetings, internal strategic efforts and review of internal operational risk events

Ensure consistent Information Security Governance processes exist across EU legal entities and provide updates as required to management (including Management Board members as needed)

Emerging Risk Assessment - Participate in assessment of emerging risks as part of strategic business risk reviews, analysis of regulatory and market developments, New Business Initiative Approvals and review of external operational risk events

Key Risk and Performance Indicators & Analytics - Governance of Key Performance Indicators including analysis of trends, outliers and underlying drivers, including support for the quarterly firm-wide Qualitative Operational Risk Appetite process

Work with technology, operational, procurement and data protection stakeholders to ensure appropriate processes, roles and controls are in place to manage and govern the cloud computing environment and its daily operations

Stay abreast of EU Industry news and regulatory developments to facilitate a more proactive approach to risk identification and mitigation.

Review root cause analysis on internal Tech operational risk events and those that occur externally in the industry

The role supports the JPMBL Information Security Officer:

Provide oversight of technology and cyber security controls across JPMBL and other EU entities

Monitor the implementation and effectiveness of control solutions across JPMBL Technology

Ensure robust and effective regulatory engagement and compliance of JPMBL Technology

Ensure the implementation of appropriate policies, standards and procedures to reduce the risk of loss of confidential data

Ensure that appropriate incident response procedures are in place and integrated with Corporate event management

Oversee the promotion of a risk and security aware culture and capability amongst all stakeholders as executed by the 1st Line of Defence Cybersecurity & Technology Controls (CTC) organisation

Qualifications:

5+ years’ experience in technology with recent experience focused on financial services highly desired

EU Technology regulations knowledge is a must (e.g. CSSF, EBA Guidelines etc.)

Knowledge and experience with Information Security and Risk Management standards and frameworks such as NIST, MITRE ATT&CK, FAIR and ISO 27001 / 27002

Knowledge of modern development practices and supporting toolsets (e.g. Agile, DevOps, Git)

Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required

Understanding of technology risk management and control principles with a proven ability to anticipate and identify risks and effective mitigating actions

Knowledge of current and emerging technologies and threat vectors

Adept at developing relationships with strong stakeholder management skills with the confidence to take ideas forward and to challenge others, where appropriate

Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results with a high level of professionalism, self-motivation, and integrity

Bachelor’s Degree in Computer Science, Computer Engineering, Engineering, Information Security or related field; post-graduate degree a plus

Experience in technology development and operational risk oversight within the financial services industry.

CISSP, CCSP, CISA, CISM or CRISC is beneficial
