Excited by the opportunity to build innovative digital retail banking products and services in a start-up environment, backed by one of the leading financial service providers worldwide?
Join us at JPMorgan & Chase Co. at our newest European hub for Chase bank, located in the heart of Berlin. In this exciting chapter of continued growth and expansion for Chase, as a passionate Senior Tech Risk and Controls Manager you will be responsible for providing guidance and solutions that assist in the management of cybersecurity and technology risk for the firm.
Working with our cybersecurity team, you’ll be at the forefront of innovation designed to strengthen our operations.
Working in Cybersecurity and Technology Controls (CTC), you'll design and implement processes, governance controls and tools that safeguard the firm's computing environment. You will have the opportunity to explore a wide range of cybersecurity and technology risk management topics and engage directly with engineering, business, and other control functions to collaborate and solve problems that allow us to create trust at scale. Managing risks and overseeing cybersecurity and technology, you'll gain key insight into today's complex risk and regulatory landscape.
Job responsibilities:
Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed, including recommendations for resolution and identifying the root cause/key themes. Provide guidance and advice to technology teams and ensure controls are hardened through testing and as part of production deployments. Provide first line oversight and monitoring of key risks across technology, including core architecture and infrastructure, data management, development, and cyber security. Support regional oversight and governance by leveraging specific KPIs and KRIs. Work closely with the security architecture teams to ensure security controls are reviewed as part of new product designs or current product enhancements. Interface with technology and other supporting corporate functions on an on-going basis for business-as-usual risk activities, reporting, and project initiatives. Evaluate regulatory and policy changes relating to cybersecurity and technology impacting the International Consumer business. Partner with Product Security, Controls, Business and Engineering to raise awareness and drive improvements in Cybersecurity landscape.
Required qualifications, capabilities, and skills
Deep understanding in relevant regulations related to Retail Banking in Germany as well as the EBA Guidelines on ICT and Security Risk Management or the EBA Guidelines on Outsourcing Arrangements, and/or ISO27001, DORA, GDPR and NIST frameworks. Knowledge in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, third party risk management and data protection with experience in medium to large environments. Analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement Experience working with Cloud and relevant modern engineering practices, such as containerization, access management, monitoring and/or CI/CD security. Understanding in application and infrastructure high-availability and resiliency architectures Ability to collaborate and navigate organizational levels/boundaries to safeguard the firm's computing environment in a complex risk and regulatory landscape Ability to clearly translate and communicate cyber risk via written, verbal and presentation formats to various stakeholders in Cyber, Technology and Business. Excellent communication skills in German and English
Preferred qualifications, capabilities and skills
5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk identification, assessment, and mitigation Certified in CISA, CISM, CRISC, CISSP, CCSP, ISO/IEC 27001 Lead Implementer or similar Deep understanding of IT risk management operating models, three lines-of-defense frameworks, integrated risk management practices, and/or risk intelligence capabilities. Experience operating within a regulated industry.