loss prevention Plano, TX
Job description
Data Loss Prevention Product Governance Lead
The primary responsibility of the Data Loss Prevention Product Governance Associate is to ensure proper governance around products delivering data loss prevention controls. This role falls within the Cybersecurity Operations product line, which includes SIEM, DLP, Digital Forensics, Network Telemetry and File Analysis, Cyber Intelligence, Vulnerability Management, Attack Simulation, and Endpoint Detection and Response.
This Product Governance role is responsible for risk and compliance oversight of the Data Loss Prevention product within the Cyber Operations product line and is focused on ensuring that all operational implementations and measures are managed to the firm's risk and compliance requirements. It will also partner with the product teams to ensure an accurate articulation of risk, an appropriate prioritization of controls in accordance with requirements and risk posture, effective assessment of controls, timely remediation of findings, and complete responses to Audit, Supervisory, and Regulatory requests for information. This role participates in the development, design, and monitoring of corporate and global control programs and acts as a liaison between the Product lines, the Lines of Business, internal and external audit, and regulators.
Key Responsibilities:
- Assist with the design and development of control implementations and their measures based on new and emerging technology solutions
- Employ knowledge of industry best practice and control guidance provided by NIST, CIS, DISA and others
- Ensure existing and new solutions are designed to be continuously compliant with JPMC policies and standards and pertinent regulatory requirements
- Support regulatory engagements
- Collaborate with team members and stakeholders on internal and external audits involving Cyber Operations products
- Provide leadership and advise on material remediation activities, ensure appropriate resolution of issues and action plans, and support the closure verification process
- Communicate risk and other control findings to key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis
- Develop documentation and evidence to support risk decisions for product roadmap prioritization and control implementations
- Drive strategic improvement for measurable and sustainable controls including process enhancements and use of automation
- Define and proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation to address security, risk, and control gaps
- Lead efforts to automate product capabilities for the production, analysis, and reporting of data for assessment and performance and risk indicators
- Establish productive partnerships with LOB, Cyber Architecture, and Product Management teams
Qualifications:
- 5+ years of combined experience across the fields of technology risk and controls, risk assessments, cybersecurity operations, audit and regulatory activities
- Knowledge of Data Loss Prevention and Cybersecurity practices, operations risk management, and engineering threats and vulnerabilities including incident response methodologies
- Understanding of national and international laws, regulations, and policies related to the financial services industry
- Ability to identify Data Loss Prevention security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
- Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, Cybersecurity, or study / experience in a related field is required
- Experience within the Financial Services Industry is preferred
- Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment
- CISSP/CRISC/CISM or equivalent industry certifications
Additional Desired Skills:
- Ability to maintain high standards, prioritize work and drive toward solutions in challenging and/or changing situations
- Proven ability to examine, improve, and execute the organization's existing processes and procedures for risk assessment
- Ability to review, understand, and rely on technical and software documentation and apply that knowledge
- Experience operating in heavily governed environments under compliance, regulatory, or risk reduction controls
- Skillful stakeholder engagement including the ability to interact with all levels of management
- Functional and current knowledge of process-focused methodologies for IT related activities (Networks, Cloud, Change Management, Incident Management, SDLC)
- Proficient verbal and written communication skills including the ability to lead discussions and meetings with internal management, external / internal audit, peer groups, regulators, and senior stakeholders
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm’s current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm’s vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
ABOUT THE TEAM
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.
