Assessments Exercises Director -- Strategy Transformation and Governance Lead
Assessments Exercises Director -- Strategy Transformation and Governance Lead
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Spearhead cuttingedge security strategies and resilience initiatives shaping the future of cybersecurity.
As an Assessments & Exercises Director in the Cyber and Tech Controls line of business you will lead key efforts to enhance the firms cybersecurity or resiliency posture. Plan and implement testing engagement to proactively identify risks and vulnerabilities in people processes and technology using advanced assessment methodologies and techniques. Spearhead the resolution of the most complex cyber and resiliency risks facing the firm drawing on your extensive experience in conducting assessments across different systems networks and architectures. Your ability to analyze and articulate the inner workings of complex vulnerabilities will enable the firm to enhance its security strategy and mitigate cyber and resiliency risks.
JPMCs Assurance Operations organization is seeking a dynamic and strategic leader to fill the organizations Strategy Transformation and Governance Lead position. This role is pivotal in driving the transformation and operational efficiency of Assurance Operations with a focus on optimizing delivery processes enhancing communication with our stakeholders and managing regulatory and audit requests. The Strategy Lead will provide strategic support and direction to the firms internal team of highly skilled Offensive Security testers who conduct cybersecurity assessments (e.g. Red Team Purple Team Penetration Testing) to replicate cybersecurity threats targeting the firm. The Strategy Lead will lead a small team and be responsible for developing standardized intake and prioritization processes managing vendor relationships and overseeing budget and resource allocation. The ideal candidate will have a proven track record in strategic leadership regulatory engagement and operational management with the ability to foster collaboration and drive strategic initiatives across the organization. This role requires excellent communication skills a strong understanding of cybersecurity assessments and the ability to manage complex projects and teams effectively.
Job responsibilities
- Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
- Lead the successful of riskdriven testing and simulations such as penetration tests technical controls assessments cyber exercises or resiliency simulations and the development of comprehensive assessments reports including actionable recommendations report to leadership assessment outcomes (including controls effectiveness and operational risk) and escalate thematic trends in observations
- Influence and partner with crossfunctional teams to make datadriven decisions that lead to continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats vulnerabilities industry best practices and regulations and lead engagement with internal and external stakeholders including industry peers and government agencies to share insights and contribute to the development of cybersecurity and resiliency policies
Required qualifications capabilities and skills
- Extensive experience in cybersecurity or resiliency with demonstrated ability to implement complex assessments or exercises collaboratively with diverse stakeholders subject matter experts and senior leaders
- Proven ability and experience managing teams of technical staff or ability to create long term strategic plans and experience conducting process improvement based on operational lessons learned and threat intelligence inputs. Should have a strong understanding of networking fundamentals (all OSI layers protocols) Windows/Linux/Unix/Mac operating systems system and software vulnerabilities and exploitation techniques and web application vulnerabilities and exploitation techniques
- Technical knowledge or experience developing in house scripting using interpreted languages such as Ruby Python or Perl compiled languages such as C C C# or Java and security tools or technology such as Firewalls IDS/IPS EDR Web Proxies DLP and the ability to articulate and visually present complex Penetration Testing and Red Team results
- Strong understanding of the current threat landscape and resiliency concerns national and international laws regulations policies and ethics related to cybersecurity or resiliency
- Demonstrated expertise in security assessment methodologies threat intelligence utilization control evaluation techniques or resiliency testing
- Experience developing and presenting briefings to senior leaders and large audiences in addition to meeting facilitation conflict resolution and providing program updates to senior leaders regulators and industry groups
Preferred qualifications capabilities and skills
- BS/MS degree or equivalent
- Intelligence Community background or understanding of the financial sector or other large security and IT infrastructures
- Possess relevant industry certifications such as Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Offensive Security (OSCP OSEP OSED OSEE OSCE) SANS (GPEN GXPN GWAPT) CREST/Tiger Scheme Certified Tester and detailed knowledge of current international best practices in privacy and information security
Required Experience:
Director
Employment Type
Full-Time
