CTC Resiliency Lead – Cloud and Cybersecurity

The Cybersecurity and Technology Controls (CTC) organizations objective is to ensure that JPMC is able to effectively detect prevent and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity includes detection and monitoring of threats and vulnerabilities managing security incidents and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firms risk posture.

The CTC Business & Technology Resiliency Lead will drive the design development execution and maintenance of business impact assessments technology and business resiliency and recovery plans for operational resilience across Cybersecurity and Technology Controls (CTC) to ensure critical business processes remain available during a disruption. Ensuring that resiliency is designed across the life cycle of applications thereby driving the timely and successful execution of the Recovery and Resiliency strategy. Work closely with peers from the Cybersecurity Line of Business Technology and Firmwide governance to continue to drive best-in-class resilient applications.

Job Responsibilities:

• Champion the CTC Resiliency team representing the organization in stakeholder engagements.
• Develop execute and maintain business impact assessments resiliency plans and technology recovery strategies for critical business processes and applications.
• Leverage experience in designing implementing and maintaining resilient systems and solutions in cloud environments with a particular emphasis on applying best practices for security availability and disaster recovery. Bring hands-on experience in building and supporting resilient cloud environments with strong familiarity in AWS best practices for security availability and disaster recovery.
• Identify and deliver opportunities to strengthen resiliency through plan review open communication and by driving solutions with team members and function owners. Partner with product leads to create and maintain resiliency documentation.
• Plan execute and coordinate resiliency tests (Recovery Strategy Application and MEPC) as required by regulatory authorities and designated objectives and standards (e.g. tabletop exercises threat-informed scenarios plan remediation testing requirements reporting) including the use of chaos engineering tools such as Gremlin to proactively test and validate system resilience.
• Execute reporting and governance of controls policies issue management and measurements providing senior management with insights into control effectiveness and informing governance activities.
• Monitor control effectiveness identify gaps and recommend enhancements to strengthen risk posture and regulatory compliance. Address non-compliance and partner with application and governance teams to implement timely remediation steps.
• Support crisis management events ensuring effective communication and coordination across all levels of the organization.
• Collaborate with technology business and governance partners to identify risks define recovery objectives and map dependencies including those related to AWS and distributed technologies
• Develop and maintain robust relationships becoming a trusted partner with technologists assessment teams and application owners to facilitate cross-functional collaboration and progress toward shared goals.
  

Required Qualifications & Skills:

• Formal training or certification and 5 years of experience in technology resiliency cloud (especially AWS) infrastructure or security.
• Hands-on experience designing deploying and managing resilient systems in AWS including use of AWS native services for backup recovery high availability and security.
• Experience with chaos engineering tools such as Gremlin to test and improve system resilience in cloud environments.
• Strong knowledge of network architecture cyber risk distributed technologies and business continuity principles.
• Experience with disaster recovery planning testing data analysis and reporting.
• Familiarity with Infrastructure as Code (e.g. Terraform AWS CloudFormation) and automation tools is a plus.
• Experience with regulatory frameworks (NIST FFIEC etc.) and tools such as Excel JIRA and Confluence.
• Data analytics skills using Excel and other data analysis tools.
• Ability to create and promote a culture of continuous process improvement with a risk and controls mindset.
• Proven track record of meeting deadlines delivering results and taking accountability and responsibility for independent workload.
• Strong relationship-building and networking skills across the firms functions and geographies to expand influence knowledge and collaboration with senior leadership.
  

Preferred Qualifications:

• BA/BS Degree or equivalent experience.
• Certifications such as AWS Solutions Architect CISSP.
• Programming experience (Python SQL) is a plus.
• Experience working with auditors.
• Familiarity with JIRA Confluence Alteryx Tableau or Qlik.

#CTC