Assessments & Exercises Director - Strategy Lead
Washington, DC, United States
JPMorgan Chase & Co.
Spearhead cutting-edge security strategies and resilience initiatives, shaping the future of cybersecurity.
As an Assessments & Exercises Director in the Cyber and Tech Controls line of business, you will lead key efforts to enhance the firm's cybersecurity or resiliency posture. Plan and implement testing engagement to proactively identify risks and vulnerabilities in people, processes, and technology using advanced assessment methodologies and techniques. Spearhead the resolution of the most complex cyber and resiliency risks facing the firm, drawing on your extensive experience in conducting assessments across different systems, networks, and architectures. Your ability to analyze and articulate the inner workings of complex vulnerabilities will enable the firm to enhance its security strategy and mitigate cyber and resiliency risks.
JPMC’s Assurance Operations organization is looking to expand its Cybersecurity Red Team with a Strategy Lead position. The Strategy Lead is tasked with providing strategic support and direction to the firm’s internal team of highly skilled and qualified Offensive Security testers who conduct advanced adversary emulation assessments to replicate cybersecurity threats targeting the firm. Your track record in leading advanced network exploitation operations, to include Red Team, Purple Team, and Penetration Testing assessments will lead you to excel. You will utilize your experience in Information Security, people management, written and oral communication, and project management to support a process designed to highlight areas of potential risk and to drive communication of identified control weaknesses. This position is anticipated to require the use of one or more High Risk Role (HRR) systems, which mandates successful completion of enhanced screening, including criminal and credit background checks, before starting employment and annually thereafter.
Job responsibilities
- Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
- Lead the successful execution of risk-driven testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations – and the development of comprehensive assessments reports including actionable recommendations, report to leadership assessment outcomes (including controls effectiveness and operational risk) and escalate thematic trends in observations
- Influence and partner with cross-functional teams to make data-driven decisions that lead to continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations and lead engagement with internal and external stakeholders – including industry peers and government agencies – to share insights and contribute to the development of cybersecurity and resiliency policies
Required qualifications, capabilities, and skills
- 7+ years of experience in cybersecurity or resiliency, with demonstrated ability to implement complex assessments or exercises collaboratively with diverse stakeholders, subject matter experts, and senior leaders
- Proven ability with at least 4+ years of experience managing teams of technical staff, or ability to create long term strategic plans, and experience conducting process improvement based on operational lessons learned and threat intelligence inputs. Should have a strong understanding of networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, system and software vulnerabilities and exploitation techniques, and web application vulnerabilities and exploitation techniques
- Candidate should have the ability to understand technical findings related to security control weaknesses, communicate those findings clearly to stakeholders, and support the tracking of ownership or remediation of the findings to closure.
- Technical knowledge or experience developing in house scripting, using interpreted languages such as Ruby, Python, or Perl, compiled languages such as C, C++, C#, or Java, and security tools or technology such as Firewalls, IDS/IPS, EDR, Web Proxies, DLP and the ability to articulate and visually present complex penetration testing and Red Team results
- Noted cybersecurity expert, keeping technical skills current and participating in multiple forums
- Strong understanding of the current threat landscape and resiliency concerns, national and international laws, regulations, policies, and ethics related to cybersecurity or resiliency
- Demonstrated expertise in security assessment methodologies, threat intelligence utilization, control evaluation techniques, or resiliency testing
- Experience developing and presenting briefings to senior leaders and large audiences, in addition to meeting facilitation, conflict resolution, and providing program updates to senior leaders, regulators, and industry groups
Preferred qualifications, capabilities, and skills
- BS/MS degree or equivalent
- Intelligence Community background or understanding of the financial sector or other large security and IT infrastructures
- Possess relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), SANS (GPEN, GXPN, GWAPT), CREST/Tiger Scheme Certified Tester, and detailed knowledge of current international best practices in privacy and information security
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Banking C CISM CISSP CREST EDR Firewalls GPEN GWAPT GXPN IDS IPS Java Linux Offensive security OSCE OSCP OSEE Pentesting Perl Privacy Python Red team Ruby SANS Scripting Security assessment Security strategy Strategy Threat intelligence UNIX Vulnerabilities Windows
Perks/benefits: Career development Competitive pay Health care Wellness
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.