JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world’s most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/ .
Third Party Vulnerability and Incident Manager (TPVM) is responsible for the execution of the Third Party Vulnerability and Incident Management Framework; The successful candidate will need to have a background in Threat & Vulnerability management, incident escalation management, security operations, Project Management, experience leading others, and the ability to balance a hands-on approach to assist the team, with an ability to direct, and prioritize work.
PRIMARY DUTIES AND RESPONSIBILITIES:
- Responsible for the development, implementation, and execution of the Third Party Vulnerability and Incident Management capabilities
- Work with Cyber when a critical/high vulnerabilities or Third Party incidents are identified, to determine if vendor facing action is necessary; Understand the vulnerability & potential impacts to JPMC through vendors
- Lead Third Party Vendor Vulnerability task force in response to critical or high vulnerabilities.
- Coordinating, enforcing and tracking remediation response validation, including appropriate escalations to various stakeholders including senior management.
- Reporting – updating metrics & appropriate reporting during vulnerability and incidents
- Develop communication plan for vendors and internal stakeholders and obtain appropriate approvals for external communications
- Responsible for continuous improvement and evergreen process of third party vulnerability program application information updates.
- Responsible for driving the end-to-end Third Party Vulnerability Management process for the firm.
- Familiarity with Vulnerability Management practices and Emergency/Incident Response (CERT/CIRT) procedures
- Strong process documentation & project management skills required. Must be detail oriented and excellent with MS Office suite esp SharePoint, Excel (pivots, macros, etc.).
- Knowledge of survey tools e.g.: Survey Monkey, ConfirmIT etc. a plus
- At least 5 years progressive experience in the information security field.
- Experience establishing, partnering across LOBs and establishing good working relationships at all levels of the organization internal & external
- Strong written and oral communication skills to be able to present to a target audience
- Ability to work in a persuasive manner with diverse personnel at all levels of the organization