Skip to main contentA logo with &quat;the muse&quat; in dark blue text.
Newsletter

Cybersecurity Third Party Assessment Operations Director

AT JPMorgan Chase
JPMorgan Chase

Cybersecurity Third Party Assessment Operations Director

Columbus, OH

Spearhead cutting-edge security strategies and resilience initiatives, shaping the future of cybersecurity.

As an Assessments & Exercises Director within the Cybersecurity, Technology, and Controls line of business, you will play a pivotal role in strengthening our firm's cybersecurity and resilience. Your responsibilities will include designing and executing testing engagements to proactively detect risks and vulnerabilities in our personnel, procedures, and technology using sophisticated assessment methodologies and techniques. You will be tasked with addressing the most intricate cyber and resilience risks that our firm encounters, utilizing your extensive experience in conducting assessments across a variety of systems, networks, and architectures. Your capacity to dissect and communicate complex vulnerabilities will be crucial in improving our security strategy and reducing cyber and resilience risks. Additionally, you will supervise and manage our Cybersecurity and Tech Controls (CTC) third-party cyber assessment capabilities, playing a vital role in ensuring that our third-party relationships are secure, compliant, and in line with our organization's risk tolerance.

Want more jobs like this?

Get jobs delivered to your inbox every week.

Select a location
By signing up, you agree to our Terms of Service & Privacy Policy.


This role will spearhead the strategic oversight and management of Cybersecurity and Tech Controls (CTC) third-party cyber assessment capabilities. This role is pivotal in ensuring that third-party relationships are secure, compliant, and aligned with the organization's risk appetite. The Executive Director will manage executive expectations, develop insightful reporting and metrics, and enhance risk management practices. Additionally, this role will focus on strengthening contractual agreements, act as the audit/second line interface for the function, and own the cyber, tech, and data requirements for third parties. The Executive Director will collaborate closely with Tech Risk and Controls, Product Security, Business Control Managers, and GRC leads to ensure a unified approach to Third-Party risk management.

Job responsibilities

  • Lead efforts to enhance the firm's third party risk assessment and control environment, identifying areas of improvement and advising on control implementation to mitigate thematic risks
  • Influence and drive the efficient and effective execution of assessment programs, ensuring alignment with organizational objectives, risk appetite, and regulatory compliance
  • Drive and oversee Third Party Assurance priorities and associated book of work, continuously assessing and updating requirements to address evolving threats and regulatory changes
  • Prepare and deliver reports and metrics to provide insights into risk trends and program effectiveness, engaging with stakeholder to communicate the status of third party cyber and technology risks
  • Partner with Risk Pillars and Control Owners to define and maintain the cyber, tech, and data requirements for third-party vendors, ensuring they reflect current best practices and organizational standards
  • Act as a liaison to Tech Risk and Controls, Product Security, Business Control Managers, and GRC leads to foster a collaborative approach to third-party risk management and partner with legal and procurement teams to ensure contracts with third-party vendors include robust cybersecurity and data protection provisions
  • Stay abreast of industry developments, emerging threats, and best practices to ensure the program remains cutting-edge
  • Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
  • Lead the successful execution of risk-driven testing and simulations - such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations - and the development of comprehensive assessments reports including actionable recommendations, report to leadership assessment outcomes (including controls effectiveness and operational risk) and escalate thematic trends in observations
  • Influence and partner with cross-functional teams to make data-driven decisions that lead to continuous improvement
  • Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations and lead engagement with internal and external stakeholders - including industry peers and government agencies - to share insights and contribute to the development of cybersecurity and resiliency policies

Required qualifications, capabilities, and skills

  • 7+ years of experience in cybersecurity or resiliency, with demonstrated ability to implement complex assessments or exercises collaboratively with diverse stakeholders, subject matter experts, and senior leaders
  • Demonstrated experience building, operating and enhancing third-party risk management oversight programs
  • Demonstrated leadership experience in managing complex programs and cross-functional teams
  • In-depth knowledge of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO, GDPR)
  • Exceptional communication and presentation skills, with the ability to engage and influence executive audiences.
  • Strong analytical and strategic thinking skills, with a focus on proactive risk management
  • Ability to prioritize and work under stringent timelines and lead within a matrix line of business technology organization
  • Strong understanding of the current threat landscape and resiliency concerns, national and international laws, regulations, policies, and ethics related to cybersecurity or resiliency
  • Demonstrated expertise in security assessment methodologies, threat intelligence utilization, control evaluation techniques, or resiliency testing
  • Experience developing and presenting briefings to senior leaders and large audiences, in addition to meeting facilitation, conflict resolution, and providing program updates to senior leaders, regulators, and industry groups

Preferred qualifications, capabilities, and skills

  • Relevant certifications (e.g., CISSP, CISM, CRISC) are advantageous
  • Bachelor's degree in Information Security, Cybersecurity, Risk Management, or a related field; advanced degree preferred


ABOUT US

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

ABOUT THE TEAM

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.

Client-provided location(s): Columbus, OH, USA; New York, NY, USA; Plano, TX, USA; Jersey City, NJ, USA
Job ID: JPMorgan-210624351
Employment Type: Full Time

Search Additional Jobs

Cybersecurity Third Party Assessment Operations Director Jobs in Columbus, OHCybersecurity Third Party Assessment Operations Director Jobs in New York, NYCybersecurity Third Party Assessment Operations Director Jobs in Plano, TXCybersecurity Third Party Assessment Operations Director Jobs in Jersey City, NJJobs in Columbus, OHJobs in New York, NYJobs in Plano, TXJobs in Jersey City, NJ