Information Risk Lead Job in Wilmington, Delaware US
Information Risk Lead
Third Party Oversight at JPMC views the risk and performance of Third Parties comprehensively, across areas such as Information Technology risk, Business Resiliency, Financial Viability, Contract compliance, Performance management and Operational Risk. The Corporate Third Party IT Risk Management (TPRM) team has end-to-end responsibility for the strategy and governance of IT Risk arising from Third Parties (TPs). This involves implementing a firm-wide framework to identify, assess and address risks arising from third party (TP) vendors and partners on a global basis. The Corporate TPRM team is also responsible for IT Risk management for Firm-wide TPs, i.e. vendors used by at least four LOBs (Lines of Business).

JPMC is required by the Office of the Comptroller of the Currency (OCC) and other regulatory bodies to ensure that the controls in place at our key Third Parties are equivalent to or stronger than those employed internally.

The ideal candidate is an experienced IT Risk Management professional with a solid foundation in Risk Identification, Audit and Controls Implementation. As the Lead IRM for Firm-wide TPs, your primary responsibility will be to take full ownership of, and drive, comprehensive risk assessment of Firm-wide TPs (some of our largest and most complex relationships) in accordance with JPMC policy and practices, and to ensure that issues are appropriately risk rated and documented for complete resolution or formal acceptance. There are almost 30 Firm-wide TPs, with 20 or so classified as "high-criticality". The Lead IRM for Firm-wide TPs will partner with LOB Relationship/Delivery managers and other appropriate stakeholders to enable timely and complete resolution of remediation plans, i.e. a focus on managing risk, not just identifying it.

Key responsibilities:

- Own and execute end-to-end risk assessments for Firm-wide Third Parties.
- Lead formal scoping meetings to ensure the full scope and complexity of TP services and applicable TP locations are identified, agreed with all impacted LOBs and integrated into the execution of the risk/controls assessment.
- Partner across LOBs, other Risk functions (ORM, Compliance, Resiliency) and teams to maximize the quality, integration and effectiveness of risk management coverage. This requires a very proactive, open and communicative approach through all aspects of scoping, planning, risk assessment and post-assessment remediation.
- Engage Domain Experts in the various Risk Domains (e.g. Application Security, Data Protection, Infrastructure Security) to execute multi-disciplinary deep-dive (SWAT) controls assessments of high-criticality Third Parties, where appropriate.
- Consult/engage JPMC Subject Matter Experts (SMEs) as needed (e.g. Operational Risk, Sourcing Procurement Services).
- Determine when on-site control validation is required, and perform on-site assessments where needed.
- Evaluate independent "audit" assessments (e.g. SSAE16, ISO, PCI, SIG/AUP) to determine their applicability and the opportunity to leverage them in the JPMC assessment process.
- Perform the JPMC Third Party risk assessment using the firm's questionnaire-based tool, ensuring the completeness and accuracy of the IRM and TP commentary.
- Gather evidence of the security controls in place by reviewing supporting documentation and/or performing on-site testing/validation of the controls, as necessary.
- Interview the Third Party's subject matter experts.
- Work with approved external assessors for Medium and Low criticality Third Parties, and ensure the quality/completeness of their fieldwork.
- Document assessment findings in the Risk Management tool.
- Provide guidance to LOBs and/or Third Parties on compensating controls and remediation requirements.
- Develop creative risk mitigation strategies in conjunction with LOB IRMs.
- Develop LOB knowledge in order to render risk opinions on the issues identified.
- Lead formal findings/assessment closure meetings with impacted LOBs, other internal stakeholders and the Third Party to ensure transparency of issues and to agree severity levels, target dates and responsibility.
- Formally document mitigation/remediation plans.
- Complete post-review activities, including loading the questionnaire, scoring the assessment and updating the Risk Management tools.
- Document and distribute formal executive summaries with a risk opinion.
- Provide timely program reporting and escalation of issues.
- Update various internal reporting metrics.
- Partner with LOB Relationship/Delivery Managers to ensure closure/management of risk issues (Remediation Plans/RPs) or appropriate approval (Non-Compliance Acceptances/NCAs).
- Secure Business Owner approval for assessment outcomes, RPs and NCAs.