JP Morgan Chase Company Profile

PCI - Infrastructure Technology Lead at JP Morgan Chase (Wilmington, DE)

About the Employer

Job Description

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firms Cybersecurity, access management, controls and resiliency teams. The group proactively and strategically  partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The groups number one priority is to enable the business by keeping the firm safe, stable and resilient. We are looking for multi-disciplined forward-looking technologists like you with diverse backgrounds and experiences including in areas such as Cybersecurity, big data, machine learning risk management and controls, compliance and oversight, and cloud security. Description As part of the Global Cybersecurity Technology Controls team, the PCI - Infrastructure Technology Lead is responsible for overseeing PCI strategy, design and best practices.  This is a highly visible role responsible for driving PCI compliance for  Infrastructure teams as they  build and create enterprise products, solutions and platforms. Key Responsibilities: Work with Technology  control owners to strategize solutions that are designed to be continuously in synch with JPMC policies and standards, the ET environment, and compliance with the PCI DSS. Serves as a technical expert with PCI subject matter expertise for the Enterprise Technology function. Includes infrastructure, architecture, and cloud. Leads interaction with all ET product teams for all PCI support activity. Provide leadership and advice on material remediation activities ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure verification process. Coordinate activities and information around multiple projects and initiatives related to PCI as well as other risk and control objectives. Collaborate with Assessment team members and stakeholders on PCI mandated, line of business, and risk and control projects. Provide strategic drive for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques. Partnering within ET to create and proactively monitor Key Risk Parameters designed to identify non-compliant conditions and assist in remediation with compensating controls (if needed) to address security, risk and control gaps. Aid in training and spreading PCI compliance awareness within the organization Develop and maintain strong business and technology relationships, becoming a trusted partner within ET. Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis Capture, review and analysis of PCI required documentation, ensuring ET readiness for firm-wide assessments. Candidates with a 5-8+ years of experience in technology risk and controls, risk based consulting, and risk assessments.  Minimum of 3-4+  years of experience in PCI . Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field.  Experience within financial services areas is preferred.  Proven skills with the management and implementation and monitoring controls and processes related to PCI DSS Knowledge and prior experience with all domains of Technology Infrastructure. Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment. Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills. Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization. Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver. Aptitude to up-skill and learn new technologies based on dynamic requirements. Evaluating and making recommendations/decisions on technical options as appropriate. Self-starter with high energy to meet the needs of a demanding business and IT environment Preferred Skills: Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice. Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls. Advanced understanding of best practices and company policies. Ability to interact with technical, non-technical, and business members of the organization Knowledge of process-focused methodologies for IT related activities (Change Management, Incident Management, and SDLC). Certification as ISA, CISSP, CISA, or other relevant qualifying certifications Exposure to IT Risk and Process frameworks: PCI DSS, COSO, COBIT, NIST, ITIL.