What are the responsibilities and job description for the Assessments & Exercises Vice President -- Delivery & Strategy position at JPMorgan Chase?
Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.
As an Assessments & Exercises Vice President in the Cybersecurity and Tech Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. You will design and deploy risk-driven tests and simulations (or manage a highly skilled team that does) and inform analysis to clearly outline root causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
JPMC’s Assurance Operations organization is seeking a customer-driven individual to join the organization’s Strategy, Transformation, and Governance Team as a Delivery and Strategy Lead. This role is pivotal in driving the transformation and operational efficiency of Assurance Operations, with a focus on optimizing delivery processes, enhancing communication with our stakeholders, and managing regulatory and audit requests. The position will provide strategic support and direction to the firm’s internal team of highly skilled Offensive Security testers who conduct cybersecurity assessments (e.g. Red Team, Purple Team, Penetration Testing) to replicate cybersecurity threats targeting the firm. The position will be responsible for executing and improving standardized intake and prioritization processes while efficiently handling resource allocation. The ideal candidate will have a proven track record in customer engagement, regulatory engagement, and operational management, with the ability to foster collaboration and drive strategic initiatives across the organization. This role requires excellent communication skills, a strong understanding of cybersecurity assessments, and the ability to manage complex projects effectively.
Job responsibilities
- You will use your leadership skills to give guidance, advise on best practices, and support our business and technology groups
- You will deploy new processes and policies to strengthen our strategic roadmap. The role involves a high level of stakeholder management and will suit an individual with excellent client-facing skills who understands how to develop brand awareness and build a network of business contacts to develop the stability, capacity, and resiliency of our offerings
- Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
- Support the successful execution of risk-driven testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations – and the development of comprehensive assessment reports including actionable recommendations; report assessment outcomes (including controls effectiveness and operational risk) to leadership; and escalate thematic trends in observations
- Influence and partner with cross-functional teams to make data-driven decisions that lead to continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations and lead engagement with internal and external stakeholders – including industry peers and government agencies – to share insights and contribute to the development of cybersecurity and resiliency policies
Required qualifications, capabilities, and skills
- 5 years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
- Proven ability with at least 2 years of experience managing teams of technical staff, or ability to create long-term strategic plans, and experience conducting process improvement based on operational lessons learned and threat intelligence inputs
- Experience and knowledge of operations, risk and controls management processes & principles, audit requirements related to cybersecurity, and threat and vulnerability management best practices
- Ability to execute flawlessly and handle multiple projects simultaneously and independently while maintaining a high degree of communication between multiple stakeholders
- Use in-house systems to respond to line of business requests, review information, and make informed technical and operational decisions
- Should have a strong understanding of networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, system and software vulnerabilities and exploitation techniques, and web application vulnerabilities and exploitation techniques
- Technical knowledge or experience developing in-house scripting, using interpreted languages such as Ruby, Python, or Perl, compiled languages such as C, C++, C#, or Java, and security tools or technology such as Firewalls, IDS/IPS, EDR, Web Proxies, DLP and the ability to articulate and visually present complex Penetration Testing and Red Team results
- Strong understanding of the current threat landscape and resiliency concerns, national and international laws, regulations, policies, and ethics related to cybersecurity or resiliency
- Demonstrated expertise in security assessment methodologies, threat intelligence utilization, control evaluation techniques, or resiliency testing
- Experience developing and supporting briefings to senior leaders and large audiences, in addition to meeting facilitation, conflict resolution, and providing program updates to senior leaders, regulators, and industry groups
Preferred qualifications, capabilities, and skills
- BS/MS degree or equivalent
- Intelligence Community background or understanding of the financial sector or other large security and IT infrastructures
- Possess relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), SANS (GPEN, GXPN, GWAPT), CREST/Tiger Scheme Certified Tester, and detailed knowledge of current international best practices in privacy and information security