Enterprise Technology - Cybersecurity & Technology Controls Officer

  • Competitive
  • Singapour, Singapore Singapour Singapore SG
  • CDI, Plein-temps
  • J.P. Morgan
  • 22 juil. 18 2018-07-22

Enterprise Technology - Cybersecurity & Technology Controls Officer

Enterprise Technology - Cybersecurity & Technology Controls Officer. Vice President Cybersecurity & Technology Controls (CTC) is part of the broader Enterprise Technology team under Global Technology that encompasses Global Technology Infrastructure, Corporate Technology, Cloud Services, Strategy, Innovation & Partnerships as well as Strategy & Program Management. Its purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business technology controls officers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
This is an exciting opportunity for a candidate with a strong track record of performance and delivery who is self-motivated, highly focused, detailed and execution-oriented, as well as a team player with a desire to learn and progress within the organization. Technology Control Officers ensure the robust control, security and resiliency of the firm's computing environment, protect customer and employee confidential information and comply with regulatory requirements globally.
Detailed Responsibilities include:-

  • Drive a business strategy focused risk mitigating culture within Enterprise Technology aligned to proactively identify, assess, and manage inherent and residual risks within our platforms and services.
  • Designs and implements processes and tools to govern and execute technology controls in line with the changing risk and regulatory landscape.
  • Well versed with technology regulations from key regulators in APAC such as HKMA, MAS, FSA & others.
  • Consistently promote innovation within the technology control environment whilst driving control optimization, process efficiency, and improved client experience.
  • Strengthen the Enterprise Technology control environment through education, collaboration, and oversight.
  • Drive effective risk mitigating controls designed, deployed, and monitored by the application & Infrastructure owners, developers, and support teams.
  • Provide Governance & Oversight on ET - APAC Risk & Controls environment and ensure consistency in execution, transparency to stakeholders via effective reporting, with a view to ensure a) consistency and transparency & b) ensuring the intent of the remediation / findings is resolved.
  • Executing, ensuring and providing guidance on control-gap remediation; overseeing action plans and resolution of control issues/breaks with LOB partners.
  • Identifies potential risks and works with Technology or Operational Risk to recommend solutions.
  • Oversees and supports LOB in planning and conducting technology controls tests (incl. HA/DR/SR).
  • Monitors of the control environment re: all technical, financial and operations process.
  • Reviews key controls metrics and engaging stakeholders appropriately to ensure adequate control management.
  • Conducts or supporting incident handling and resolution with LOB partners.
  • Leads or participate in steering committees or working groups to drive Technology Control projects and strategies.
  • Oversees the creation of technology DR plans and testing with LOB partners.
  • May include direct accountability for people management / large teams and financial budgeting.
  • Collaborate with Audit, business control functions, and the CTC Technology teams to drive transparent, measurable, and sustainable control improvements.
  • Collaborate with Application Owners on Internal Audits, External Audits, APAC Regulatory on-site Inspections, track & manage regulatory commitments.
  • Support the Risk & Control Self-Assessment (RCSA) process ensuring issues and related action plans are timely documented, assigned, and resolved.
Skills
  • Advanced in several IT Control and Project Management practices; experience in working across large environments.
  • Expert in application and infrastructure high availability and resiliency architectures.
  • Proficient in the following:-
    • Risk and Control Assessments
    • Control Remediation
    • Resource Management
    • Stakeholder Management
    • Partnership and Influence
    • Technology control domains including but not limited to policies and standards, risk and
    • control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection.
    • Vendor Controls Management
Requirements
  • Minimum of 10 years of experience in Information Technology, IT Risk or IT Controls, including the implementation of associated Policies and Standards frameworks.
  • Certification in CISSP, Cybersecurity, Infrastructure Domains & Application Security would be desirable.
  • Ability to be flexible, follow tight deadlines, organize and prioritize work.
  • Clear, concise, and confident communicator (written & verbal).
  • Ability to change direction and adjust priority as needed by senior management.
  • Previous experience in diverse range of technology, risk and control roles.
  • Strategic mindset that can quickly identify how the components of a holistic risk/control program should fit together.
  • Highly motivated team player with excellent analytical, written and verbal communications skills is required.
  • Ability to translate vision and strategy into clear actionable goals, establish priorities and achieve measurable results.
  • Track record of establishing and maintaining collaborative cross-organizational partnerships to achieve results.
  • Ability to persuade and influence is key. Must have ability to be tactful yet assertive.
  • Strong collaboration and negotiation skills.
  • Ability to prioritize and multitask well under pressure.
  • Knowledge of NIST, FFIEC, COBIT and ITIL standards desired.


J.P. Morgan is aplace for talented people from all backgrounds and perspectives because ourclients come from all backgrounds and perspectives. We encourage a culture ofinclusion, where everyone's opinion counts and all employees have the freedomto deliver their absolute best. This is why we work hard and invest inattracting and developing a diverse workforce. Learn more about our Business Resource Groupsin how they help our employees build successful careers and reach their greatestpotential.