Associate, Technology Risk and Control - Issue Management

The Supplier Assurance Services (SAS) team is responsible for conducting comprehensive risk assessments of suppliers as part of JPMCs Corporate Third Party Oversight (CTPO) program. In addition, SAS plays a key role in supporting JPMCs Cybersecurity and Technology functions by implementing controls and processes to enhance the security posture of the supply chain. SAS operates within Global Supplier Services (GSS) and reports directly to the Global Head of Corporate Third Party Oversight. The SAS Risk Management function aims to standardize and centralize the quality oversight of assessments and Supplier Issue Management activities. As an Associate in the Technology Risk and Control - Issue Management team at GSS, your primary responsibility will be to conduct technology and cybersecurity control reviews. This involves reviewing findings to ensure alignment with JPMC guidance, validating closure evidence, and collaborating with internal stakeholders to address Issue Management queries. You will work closely with the LOB Delivery Manager and Information Security Manager to resolve findings through Action Plans and Risk Acceptance. Additionally, you will manage the entire Issue Lifecycle, including identification, creation, modifications, extensions, and validation of closure evidence. It is important to engage with Business Partners to ensure timely remediation of relevant Action Plans and Risk Acceptances. Furthermore, you will be responsible for understanding the Supplier Risk Assessment process, identifying process improvement opportunities, and sharing internal education and best practices with peers and colleagues. The ideal candidate for this role should have at least 5 years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, Cyber Resiliency, and Third-Party Outsourcing Risk Management within a large enterprise environment. Knowledge of industry risk frameworks such as ISO27001, NIST Cybersecurity Framework, and others is essential. Strong written and verbal communication skills are required, particularly at the senior management level. The ability to engage in constructive debates with senior decision-makers and push back when necessary is also valuable. Preferred qualifications for this role include certifications such as CISSP, CISA, CISM, CCSP, or CRISC.,