JPMorgan Chase Corporate, Cybersecurity Operational Risk Management – Control Oversight Manager, Security Operations – ED in Plano, Texas

JPMorgan Chase is a leading global financial services firm with assets of $2.5 trillion and operations in more than 60 countries. The firm is a leader in investment banking, commercial banking, financial services for small business and consumers, financial transaction processing, asset management and private equity.

Cybersecurity Operational Risk Management (ORM) is a firm-wide group within Risk Management with oversight responsibility for the implementation of the JPMC Operational Risk Management Framework (ORMF) for the cybersecurity function. Cybersecurity ORM is responsible for ensuring the businesses understand cybersecurity risks that could impact capital, earnings, reputation or business opportunities and has robust standards, controls and practices in place to mitigate these risks. The Cybersecurity ORM is the 2 nd Line of Defense (2LOD) and interacts directly with executive leadership, key functional areas of Cybersecurity, Technology and Operational Risk across the lines of business. Cybersecurity ORM is responsible for the review of information regarding key components of the ORMF for cybersecurity and technology and ensuring appropriate analysis, challenge, escalation and reporting to executive management and relevant committees.

Cybersecurity Operational Risk Management – Control Oversight Manager, Security Operations

The Control Oversight function covers the “control universe” of Technology and Cybersecurity Risks and is aligned with Global Technology’s unified IT Controls policy providing: Consistency of Policy in style and format, reduced risk of overlap and/or gaps between policy areas, alignment with the standardized technology controls taxonomy, alignment with technology controls governance (i.e. Control Design Authority (CDA) per domain)

This role is accountable for Control Oversight of the Security Operations domain:

Detecting and responding to security threats against people and technology assets. Scope includes data loss prevention; threat analysis and detection; security operations; and incident response.

Key Responsibilities:

  • Act as the domain manager and technical subject matter expert (SME) for risks in in the Cybersecurity domain

  • Independently identify and assess inherent risks, mitigating controls, and residual risks

  • Recommend uplifts to meet policy, regulatory, and industry practices

  • Review material operational risk events that exceed loss thresholds or are escalated to a Control Committee

  • Serve as subject-matter expert (SME) during assessment activities such as RCSA, Application & Infrastructure Independent Challenge, and for Independent Operational Risk Assessments

  • Challenge and approve program Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)

  • Perform targeted reviews of areas with increasing operational risk

  • Participate in the development and quantification of operational risk stress scenarios

  • Act as the domain manager and technical subject matter expert (SME) for risks in a particular Technology, Cybersecurity or Risk domain

  • Independently identify and assess inherent risks, mitigating controls, and residual risks

  • Recommend uplifts to meet policy, regulatory, and industry practices

  • Review material operational risk events that exceed loss thresholds or are escalated to a Control Committee

  • Serve as subject-matter expert (SME) during assessment activities such as RCSA, Application & Infrastructure Independent Challenge, and for Independent Operational Risk Assessments

  • Challenge and approve program KRIs and KPIs

  • Perform targeted reviews of areas with increasing operational risk

  • Participate in the development and quantification of operational risk stress scenarios

  • Knowledge of the JPMC technical environment and standards is advantageous

  • Confidence to take ideas forward and to professionally challenge others, where appropriate

  • Adept at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.