Our Information Security professionals are passionate about information security and control solutions for computing environments. While collaborating with a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, providing technology risk oversight in compliance with regulatory obligations, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets
Want more jobs like this?
Get jobs in Luxembourg City, Luxembourg delivered to your inbox every week.
As a Vice President Information Security Manager within our Information Security team, you will be passionate about information security and control solutions for computing environments. You will collaborate with a world-class team of technology experts, partnering with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You will leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Your responsibilities will include offering guidance, providing technology risk oversight in compliance with regulatory obligations, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
Job responsibilities:
- Provide technology risk oversight over how J.P. Morgan Asset Management Europe (JPMAME) adopts technology to support, enable and enhance its Business Objectives while complying with the Firm's global policies and it's regulatory compliance requirements.
- Through strong risk leadership and collaboration with partners, ensure the security of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements as e.g., mandated by the Commission de Surveillance du Secteur Financier (CSSF) as the National Competent Authority (NCA).
- Provide risk oversight over the Information and Communication Technology (ICT) Outsourcing governance framework which is driven by local regulatory obligations - such as, CSSF circlular 22/806 on ICT Outsourcing which requires all outsourced ICT activities and/or provisions of service provided by either J.P. Morgan affiliate or an external third party to be identified, measured, monitored and controlled in compliance with stated regulatory obligations.
- Provide independent oversight over technology and cybersecurity risks associated with the overall JPMAME governance framework. Execute on ICT governance tasks that contribute to ensuring effective ICT Performance Management and that service levels, vendors, risks, cyber threats, and budgets are carefully managed and meet overall business expectation.
- Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed, including recommendations for resolution and identifying the root cause/key themes.
- Interface with technology and application development teams on an on-going basis for business-as-usual risk activities, reporting, and project initiatives.
- Serve as subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, outsourcing (IT and Cloud) and application security
- Evaluate regulatory changes relating to cybersecurity and technology impacting the legal entity
- Create and present management packs in steering committees and governance forums
Required qualifications, capabilities and skills
- At least 5+ years of experience in Information Security
- Advanced knowledge of multiple IT control and project management practices, plus experience working across large environments
- Great communication skills and ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
- Ability to explain complex technology and security risks to non-technical audiences
- Strong proficiency in MS Office tools and proven track record of creating high quality deliverables for both internal and external stakeholders
- Expertise in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, third party risk management and data protection
- Analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement
- Expertise in application and infrastructure high-availability and resiliency architectures
Preferred qualifications, capabilities and skills
- Certified in CISA, CISM, CRISC, CISSP, CCSP or similar
- Expertise in relevant regulations, like the EBA Guidelines on ICT and Security Risk Management or the EBA Guidelines on Outsourcing Arrangements, CSSF Circulars, and/or ISO27001, GDPR and NIST frameworks
- Experience in creating and monitoring security KPIs and KRIs
- Ability to create dashboards via data visualization tools such as Power BI or Tableau
- Experience across architecture security and cloud security
ABOUT US
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
ABOUT THE TEAM
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.