Vulnerability Management Governance – Risk Lead at JPMorgan Chase Bank, N.A. (New York, NY)

JPMorgan Chase Bank, N.A.

The Global Cybersecurity and Technology Controls (“CTC”) functions are responsible for the governance and oversight of the Information Security Program, which is designed to securely enable new business and technology initiatives while maintaining a relentless focus on protecting the Firm and its clients/customers.

Within CTC, the Vulnerability Management and Assessments team (VM&A) demonstrates the exposure to current cyber threats by identifying and providing remediation oversight of vulnerabilities found throughout JPMC’s Technology Estate. The goal for the VM&A Team is to ensure vulnerabilities are identified and addressed quickly and efficiently, using a risk based approach, to help maintain the security of our network, applications, and data for ourselves and our clients.


As the level of global oversight across industry continues to increase, and to complement ongoing organizational transformation, the VM&A organization is seeking a Risk Focused individual to help manage the day-to-day operations of the “Vulnerability Management Control Domain Authority” (VM CDA). The VM CDA is the governing body empowered to make key risk decisions related to Vulnerability Management and Assessments for the Firm.

This role will report to the VM&A Governance lead and will work directly with all Lines of Business Information Security Managers (ISM’s), Subject Matter Experts, Product Owners, Senior Technology Management, and Risk and Control functions on:

Defining the material cyber risks, risk tolerances, and thresholds within the VM&A Function

Ensuring that the material cyber risks are captured, categorized, and mapped into an appropriate response or captured in the risk register

Actioning and memorializing key cyber risk based decisions (via Bi-weekly Weekly VM CDA Meeting)

Providing a defendable governance model to 2nd/3rd line and regulatory bodies with a consistent view of risk.

Monitoring Existing and Helping to Define/Implement enhanced Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) across the VM&A Ecosystem.

Driving decisions on, and disposition (e.g. Risk Heightening) of, Risk Impacts based upon performance of KRIs against pre-defined thresholds and Risk Triggers within the Firm’s Operational Risk System.

Contributing to periodic and ad-hoc Risk reporting for Senior Management and other applicable stakeholders.

Providing Risk insights and guidance on matters related to VM&A Issue and Break Management.

Acting as VM&A’s Single Point of Contact into the CTC Governance, Risk, and Controls Organization on topics related to the Firm’s broader approach to Technology Risk.

Helping to drive other initiatives (e.g. enhanced VM scoring methodology) in concert with applicable stakeholders and acting as a risk focused interface between Technical and Business focused teams.


The ideal candidate is an experienced IT Risk / Controls / Security Management / Program Management professional with a solid foundation in Cybersecurity or Vulnerability Management Processes, who also has experience in or a strong understanding of communicating IT risk programs to external customers. Alternatively, this role could suit a candidate who has previously worked in a Cyber Operations role and is looking to make a transition into Operational Governance.

Desired qualifications:

7+ years of experience in Technology Governance, Risk Management and Controls, Cybersecurity or related fields. Experience within financial services areas is preferred.

Strong understanding of Information Security, Risk, Controls

Strong depth of knowledge of Cybersecurity/Vulnerability Management Processes/Methodologies and their application to emerging technologies (e.g. Clouds and Containers) is a plus.

Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills.

Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization.

Extensive experience with deep-dive control reviews to identify process and control breaks

Ability to work independently and proactively to accomplish multiple objectives concurrently

Demonstrated success working across Lines of Business, countries and regions, balancing the needs of multiple organizations

Excellent verbal, interpersonal and written communication skills and the ability to any level of management

Experience with working with virtual teams / teams geographically distributed is required

Knowledge of FFIEC, CAT, NIST, COBIT and ITIL (desired)

Bachelor’s degree or equivalent experience in related Technology field with CISM, CRISC or CISSP certifications (preferred)

Your expertise in Cyber, combined with your desire to provide innovative security services, will be an asset to our Cybersecurity team. Help deliver high-quality secure solutions across all our lines of business around the world by creating, designing, implementing, and maintaining next-level technology. The work you’ll do is vital, as it will protect over $18 trillion of assets under custody and $393 billion in deposits every day.

When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.

At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/Veterans
