Corporate Third Party Oversight - Risk Application Security, VP
Columbus, OH, United States
JPMorgan Chase & Co.
Join our team to ensure a consistent and effective risk management program globally for third party-hosted applications.
As an Application Security Expert, in Corporate Third Party Oversight you will ensure consistent and effective end-to-end risk management program is in place globally for third party-hosted applications. You will influence internal and external stakeholders to inform and ultimately mitigate third party application risk across the firm.
Job Responsibilities
- Drive the transformation agenda, including business justification and program build out.
- Partner with internal risk teams to support business as usual risk activities, reporting and project initiatives.
- Ensure risk impacting the business is effectively identified, quantified, communicated and remediated
- Influence supplier adoption of the product vision, roadmap, and risk control objectives
- Operationalize the Third Party Software Bill of Materials (SBOM) program
Required qualifications, capabilities, and skills
- 5+ years of experience in Third Party Risk Management (TPRM) or Governance, Risk Management, and Compliance (GRC), Cybersecurity, Application Security, Cloud Security Architecture (SaaS, PaaS & IaaS) within a large enterprise level environment
- 3+ years of experience using a broad set of technologies (e.g., servers, operating systems, applications, databases, hypervisors, virtualization management, containers, compute, storage, etc.)
- Strong leadership skills, ability to multitask, sense of ownership, attention to detail and quality, and deliver on commitments
- Understanding of Secure Software Development Life Cycle (SSDLC) (e.g., coding requirements, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
Preferred qualifications, capabilities, and skills
- Certification in Public Cloud Technology from major Cloud Service Provider
- Experience with Software Bill of Materials (SBOM)
- CISSP, CISA, CISM, CCSP or CRISC certification
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Banking CCSP CISA CISM CISSP Cloud Code analysis Compliance CRISC Governance IaaS PaaS Risk assessment Risk management SaaS SBOM SDLC SSDLC
Perks/benefits: Competitive pay Health care Wellness
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.