Job Description
While supporting the objectives of CTC, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats within CCB technology. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across CCB technology.ResponsibilitiesThe Information Security Manager (ISM) Governance, Risk & Controls (GRC) Support Analyst will be the primary point of contact for CCB AOs and ISMs for assistance with, and understanding of, GRC products. In this capacity, the GRC support analyst will serve as the first point of contact for CCB ISMs in need of assistance with GRC product-related requests, socializing GRC product changes, cascading communications, and driving adoption among the CCB LOB stakeholders. This first level of support includes responding to ISM inquires, providing guidance on access requests, approving access requests, updating system information (example: updating Primary ISM assigned to applications), conducting Assessment toll gate checks for SEAL workflow requests, and maintaining CCB's GRC product confluence pages as a predominate source of information for CCB ISMs.The GRC Support Analyst will be expected to:Know the firm's Governance, Risk & Compliance policies, standards & controls (i.e. requirements for Risk Treatment, Assessments, and Application Profiles.)Assist in communications to ensure CCB ISMs understand what is required of them for compliance to the standards, monitor for compliance and engage with ISMs to drive corrective actions where necessary.Maintain knowledge of the GRC tools (products such as ITRC, AOS, FARM,SEAL etc.) used, as well as the processes built around those tools, and be able to apply that knowledge to assist ISMs with frequently asked questions and friction points.Provide first line support to the CCB ISMs and AOs for use of the GRC products and execution of the GRC required processes.Champion the adoption of product and process enhancements through forum presentations, and office hours, as well as maintain reference material including confluence pages.Assist the Team Lead with communications to socialize assessment transformation work in progress including roll-out of control procedure bulk assessment and automated measurements.Partner with CCB domain representatives to model pro formas, identify impact and cascade communications within the CCB ISM & Technology organizations.Maintain awareness of the Governance, Risk & Controls ecosystem including the products and lifecycle for:Identifying risk,Establishing / uplifting controls to address the risk,Measuring for operating effectiveness of those controls,Treating (remediating) instances where controls are ineffective, andProviding governance over the ecosystem through monitoring and reporting.Partner with fellow CCB ISM champions of related GRC products to ensure CCB ISMs and AOs have a clear understanding of the overall GRC ecosystem, including inputs, outputs and the net business meaning and impact to CCB Technology.Develop and maintain strong business and technology relationships, becoming a trusted partner to these groupsIdentify friction points and enhancement opportunities for GRC processes and productsRequired QualificationsThis role requires a wide variety of strengths and capabilities, including:3+ years of experience in risk, controls and/or audit role with solid understanding of technology.Experience with control evaluation and knowledge of GRC framework a plus.Highly motivated team player with excellent analytical, written and verbal communication skills.Ability to quickly analyze and understand control evaluation steps and methodsStrong communication skills with ability to translate technical and non-technical jargon to commonly understood terminologyProfessional presence with ability to articulate technical risks in terms of business impactStrong understanding of the following: Atlassian Tools (Jira and Confluence), Microsoft Office (PowerPoint, Word, Outlook, Excel), networking fundamentals (all OSI layers, protocols)Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goalsProven comfort working across large complex environments in virtual settings with ability to quickly acclimateAbility to understand CTC vision and strategy and translate into clear actionable goals, establish priorities and achieve measurable resultsProficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protectionStrong influencing skills, comfortable executing against recommendations and plans by overcoming barriers and resistanceExperience utilizing tools such as Tableau, AlteryxCommitted to continuous improvement and applying latest techniques for agile, work visualization, waste elimination and deliverySix Sigma or Project Management certification is preferredHighly proficient with presentation software, and creating/presenting narrativeKnowledge of process-focused methodologies for IT related activities (Data Protection, Information Security, Change Management, Incident Management, and SDLC)Exposure to IT Risk and Process frameworks: COBIT and NIST FrameworksBachelor's degree in Cyber Security or related field is preferredCTC (Cybersecurity & Technology Controls)The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.Tech @ JPMCWhen you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 20 technology centers worldwide, our team of 50,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $10B+ annual investment in technology enables us to hire people to create innovative solutions that will are transforming the financial services industry.At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gende