CIB CTC SDLC Controls Analyst – Associate – Bournemouth
About JPMorgan Chase
J.P. Morgan is a leader in financial services, offering innovative and intelligent solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years and we keep their interests foremost in our minds at all times. This combination of product strength, intellectual capital and character sets us apart as an industry leader. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a global financial services firm with assets of $2.0 trillion.
The number one focus of our organization will always be to protect the firm. Our leadership in security and control is a source of strength and a differentiator for our businesses. We remain committed to sustaining the trust placed in JPMorgan Chase by our employees, partners, customers and clients as the technology, business, regulatory and threat landscapes continue to evolve at an unprecedented pace.
Fundamental to this number one focus is the Cybersecurity and Technology Controls organization who aim to make the firm’s operations more secure and stable by making it easy for employees to adopt and integrate appropriate controls by establishing a controls framework, automating controls during software delivery, and enhancing the firm’s multiyear Access & Identity Management program.
The Corporate and Investment Bank's Cybersecurity & Technology Controls (CIB CTC) organization is fully aligned to the Firms CTC strategy and operating model and will proactively drive CIB's adoption and leverage of CTC's full range of capabilities.
The Software and Platform Enablement product team (SPE) are part of the CIB CTC organization and provide expertise and guidance on the technology control strategy, platform level risk and control strategies to enable common application control solutions to enable business initiatives whilst meeting control objectives. Through defined services provided in partnership with CTC Product and CIB CTC business coverage teams and high visibility of new business/technology pipelines and risk radar, drive enablement focused on all technology control requirements throughout the SDLC.
As a vital part of CIB CTC SPE, the Software Development Lifecycle (SDLC) Controls team provide leadership, agreed best practices, support and training in all necessary aspects of the SDLC Controls spectrum. This service is underpinned with a ‘research’ function to maintain and build on the teams’ knowledge, capabilities and expertise.
We are looking for multi-disciplined forward-looking technologists like you with diverse backgrounds and experiences such as cybersecurity, software development, risk management and controls, compliance and oversight to be part of the team.You will be expected to participate in or lead security activities and programs including but not limited to security training, policy and standards review and implementation, secure development lifecycle, threat modeling and analysis, control assessments, security scans, vulnerability management and software security assurance. You will also be required to work collaboratively with stakeholders within the line of business and the corporate organization, provide counsel and best practices in identifying and resolving complex cybersecurity and technology control technical issues. You must stay abreast of industry and technology changes to deliver secure strong subject matter expertise.
· A good understanding of the software development life cycle, associated controls and touch points across one or more methodologies (Waterfall, Agile and DevOps).
· Practical knowledge of application assessment, application security vulnerabilities, code review methodologies, and secure coding practices
· Proficient understanding of / exposure to non-functional requirements and exposure to information security vulnerability concepts, issues and mitigation methods
· Exposure to information security principles and relevant standards including Access Management, Change Management, Security Incidents and Business Continuity Management and ability to identify, develop and maintain key information security risk and operations processes
· Support influencing large, extended teams spanning multiple organizations. Candidates should feel comfortable working with and building consensus across multiple teams
· Strong written and verbal communication skills, attention to detail, very strong data analysis, both quantitative and qualitative, good reasoning and logic, as well as problem solving abilities
· The successful candidate must be a “self-starter”, able to operate independently within minimum guidance, and produce tangible, measurable results.
About J.P. Morgan’s Corporate & Investment Bank:
J.P. Morgan’s Corporate & Investment Bank is a global leader across banking, markets and investor services. The world’s most important corporations, governments and institutions entrust us with their business in more than 100 countries. With $18 trillion of assets under custody and $393 billion in deposits, the Corporate & Investment Bank provides strategic advice, raises capital, manages risk and extends liquidity in markets around the world. Further information about J.P. Morgan is available at www.jpmorgan.com .
JPMorgan Chase & Co. offers an exceptional benefits program and a highly competitive compensation package. JPMorgan Chase & Co. is an Equal Opportunity Employer.