Associate, Supplier Cybersecurity Controls Assessor

As an Associate, Supplier Cybersecurity Controls Assessor within the Supplier Assurance Services (SAS) team, your role involves performing technology and cybersecurity control assessments of supplier environments. These assessments encompass reviewing infrastructure, application stacks, and other technologies to ensure compliance with JPMC Corporate Policies & Standards. Your responsibilities include validating that technical risks are managed by JPMC Issue Owners and ensuring that security controls are fully implemented. Additionally, you will collaborate with JPMC's Global Cybersecurity and Technology team and JPMC's Lines of Business (LOBs) to address the latest cyber risks in the industry. Your key responsibilities include: - Managing all aspects of the control assessment of suppliers, which involves assessing completed questionnaires and reviewing supporting field work materials to ensure they are comprehensive and align with JPMC expectations. - Leading onsite/virtual assessments, providing expertise on technology and cybersecurity risks and controls. - Identifying and documenting control breaks and vulnerabilities within suppliers" IT environments and working with the LOB Delivery Manager and Information Security Manager to address them through action plans or seek risk acceptance approvals. - Identifying opportunities for process improvements to enhance operational efficiency and improve supplier posture, such as expanded monitoring and key risk indicator tracking. - Supporting internal education and best practices sharing with peers, colleagues, and third-party education and awareness initiatives. - Escalating issues associated with suppliers as necessary. Qualifications, capabilities, and skills required for this role: - 5+ years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, Cyber Resiliency, and Third Party Outsourcing Risk Management within a large enterprise-level environment. - Understanding of industry risk frameworks such as ISO27001, NIST Cybersecurity Framework, etc. - Strong written and verbal presentation skills at the senior management level. - Experience in debating issues with senior decision-makers and the ability to push back when necessary. Preferred qualifications, capabilities, and skills: - CISSP, CISA, CISM, CCSP, or CRISC certification is a plus.,