Information Security Specialist (Associate) Job Description (RFT – Risk & Finance Technology)
Continual enhancement of the confidentiality, integrity and availability of data and systems through a robust information security agenda is a key strategic objective of JP Morgan Chase. Cyber security and access management are growing areas with significant senior management support. A number of work streams, programs, and projects are planned to further enhance the security and controls across the company. Strong information security team members are required to support this objective.
The CISO organization within Risk & Finance Technology is looking for an Information Risk Analyst to join the Identity & Access Management team. The I&AM team coordinates closely with the Global Identity & Access Management team and other lines of business to develop firm-wide projects and priorities and works within Risk & Finance Technology on implementation. The team works in areas of access management, entitlements, access provisioning/deprovisioning and recertification. The team maintains the RFT Entitlements platforms and works with developers, Information Owners, and Compliance to ensure entitlements are appropriately set up, have the appropriate administration ownership, approvals and are in compliance with firm-wide policy.
The candidate will support the development and ongoing assessment of information security across JP Morgan Chase. The role supports both technology and the business in providing end to end security to ensure first class security capabilities. The role will support the broad spectrum of information security responsibilities from strategy development, ongoing security assessments and risk analysis to improve security capabilities.
The ideal candidate would be able to demonstrate a sound understanding of Identity & Access Management, Operational Risk, Information Security and have experience in financial services and/or consulting.
The role will be a part of RFT Chief Information Security Office and will be based in Bangalore.
– Provide SME in Identity & Access Management within RFT.
– Manage the recertification process, including support for Quarterly and off-cycle recertifications. Recertification tasks include IO attestation scope confirmation, functional ID mapping support, feed support and daily stakeholder inquiries.
– Provide first level privileged access account breakglass support, including working with stakeholders on functional account ownership, the breakglass onboarding process, support group reengineering, data/account remediation activities, enhancements, & training.
– Active Directory File Share Remediation/User Tools – Support identification of folder owners and coordinate with GIAM to secure active directory qtrees.
– Process – Develop, implement and manage secure software life cycle processes to that will assist the application development teams to integrity security requirements within their applications and databases.
– Data Analysis – Understand, interpret, validate, manipulate, data using excel and other tools, and present conclusions to the key stakeholders.
– Contribute to the development and implementation of security software, policies, standards, procedures, guidelines.
– Provide baseline metrics and reporting, both during impact analysis and on-going execution of risk-driven projects, organize and deliver clear and accurate data for Technology and Executive Management.
– Assist RFT IRM and Technology Teams to ensure that RFT can manage effectively in support of all risk-based projects.
Salary: Not Disclosed by Recruiter
Industry:IT-Software / Software Services
Functional Area:IT Software – Network Administration , Security
application development active directory information security coding consulting investment banking data analysis change management mapping sme
Desired Candidate Profile:
UG: B.Tech/B.E. – Computers
PG:Post Graduation Not Required
Doctorate:Any Doctorate – Any Specialization, Doctorate Not Required
– Information security certifications (such as CISSP, CSSLP, CEH/CPT or related certifications) world be preferred.
– A graduate degree or equivalent experience in computer science in also required.
– Excellent written and verbal communication skills.
– Very strong data analysis, both qualitative and quantitative.
– Good reasoning and logic, problem solving skills.
– Exposure to financial services systems and process preferably in Investment Banking.
– Experience in working with diverse cross geography teams.
– Self motivated individual, comfortable working without close supervision and with ability to work to deadlines.
– Team player with proven ability to build strong cross-business relationships.
– Exposure to information security principles and relevant standards including access management, change management, security incidents, and business continuity management.
– Strong understanding of security software development life cycle/
– Working knowledge of application assessment, application security vulnerabilities, code review methodologies, and secure coding practices.
– Exposure to information security vulnerability concepts, issues and mitigation methods.
– Experience in a similar risk role.
– Experience of technology projects and/or the Risk and Financial business is a plus point.
J.P. Morgan is a leader in financial services, offering solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years. Our business has been built upon our core principle of putting our clients’ interests first.