Cyber Security Assessments & Exercises Vice President

Job Description
Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.
As an Assessments & Exercises Vice President in Cybersecurity & Tech Controls, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations (or manage a highly-skilled team that does) and inform analysis to clearly outline root-causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
Job responsibilities

• Assess the potential impact of vulnerabilities on business and technology operations using data-driven risk prioritization.
• Utilize advanced data analytics to conduct comprehensive root cause analysis (RCA) of security issues identified during assessments across various technologies. Transform findings into actionable insights.
• Collaborate with stakeholders throughout the firm to understand, address findings, and achieve the common goal of improving the security posture of the firm.
• Identify, design, and implement technical, procedural, educational, or other solutions to effectively mitigate security issues.
• Propose and drive novel, data-centric approaches to detect, mitigate and prevent the identified issues, leveraging the latest technologies and methodologies.
• Present data analysis, insights, and conclusions to both technical and non-technical audiences, including senior leaders, ensuring clarity and understanding.
• Prioritize remediation efforts using multiple criteria to ensure the most worthwhile issues are addressed first.
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's strategic investigations practice.

Required qualifications, capabilities, and skills.

• Bachelor's Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
• 5+ years of experience in cybersecurity, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of solutions for emerging and systemic security issues through assessments, workshop or simulation exercises.
• An insatiable technical curiosity about all things Cyber and a desire to expand your skillset.
• Proficiency in coding (scripting) practices, with experience in multiple programming languages (e.g., Python, C, JavaScript, VBScript).
• Demonstrated ability to be proactive and resourceful, identifying and analyzing appropriate data sources for data-driven investigations.
• Experience in developing both tactical and strategic tools and capabilities.
• Experience in building analytical processes, templates, and documentation.
• Strong written and verbal communication skills; ability to understand complex problems and present them simply.
• Knowledge of US financial services sector cybersecurity organization practices, principles, threats, risks, and incident response methodologies.
• A strong commitment to ethical practices and doing what is right.

Preferred qualifications, capabilities, and skills

• Hold relevant industry certifications - such as Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration tester (OSEP), Certified Ethical Hacker (CEH) - showcasing advanced expertise in cybersecurity and offensive testing methodologies.
• Knowledge of or experience in cybersecurity roles and processes such as Incident Response, Threat Intelligence, Penetration Testing, Red Teaming, Risk Management, Cyber Engineering, Cyber Architecture, and Data Privacy.
• Familiarity with network architecture concepts, including cloud architectures, and deploying large-scale applications in an enterprise environment.
• Experience with enterprise level security technologies like firewalls, IDS/IPS, web proxies, DLP, SIEM, SOAR, and others.
• Ability to collaborate with high-performing teams, senior leaders, business stakeholders, third-party vendors, and technical individuals throughout the firm to effectively articulate risk and drive change

About Us
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
About the Team
Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.