Associate, Technology Risk and Control - Issue Management

The Supplier Assurance Services (SAS) team is responsible for conducting comprehensive risk assessments of suppliers within JPMCs Corporate Third Party Oversight (CTPO) program. Additionally, SAS plays a crucial role in supporting JPMCs Cybersecurity and Technology functions by designing and implementing controls and processes to enhance the security posture of JPMCs supply chain. SAS operates under Global Supplier Services (GSS) and reports directly to JPMCs Global Head of Corporate Third Party Oversight. The SAS Risk Management function aims to standardize and centralize Assessment quality oversight and Supplier Issue Management activities. As an Associate in the Technology Risk and Control - Issue Management team within Global Supplier Services (GSS), your primary responsibility will be to conduct technology and cybersecurity control reviews. This role involves reviewing findings to ensure alignment with JPMC guidance, engaging with internal stakeholders to address Issue Management queries, collaborating with the LOB Delivery Manager and Information Security Manager to resolve findings through Action Plans and Risk Acceptance, and ensuring that relevant Action Plans/Risk Acceptances are remediated within agreed timeframes. Additionally, you will be responsible for managing the entire Issue Lifecycle, identifying process improvement opportunities, and supporting internal education and best practices sharing with peers and colleagues. Qualifications, capabilities, and skills required for this role include: - 5+ years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, Cyber Resiliency, and Third-Party Outsourcing Risk Management in a large enterprise environment. - Understanding of industry risk frameworks such as ISO27001, NIST Cybersecurity Framework, etc. - Strong written and verbal presentation skills at the senior management level. - Experience in debating issues with senior decision-makers and the ability to push back when necessary. Preferred qualifications, capabilities, and skills include certifications such as CISSP, CISA, CISM, CCSP, or CRISC.,