Corporate Cybersecurity and Technology Controls Auditor Associate
An exciting opportunity has arisen within the EMEA Enterprise Technology Audit team for a Cybersecurity Auditor, reporting into the EMEA Cybersecurity & Technology Controls Audit team. The successful candidate will be part of a UK-based team responsible for executing the regional and global audit plan. Role Description and Key Responsibilities
As a Cybersecurity & Technology Controls Auditor you will be responsible for risk assessment, control identification, development of audit testing, and completion of audit work across Enterprise Technology.
The individual must be an experienced technology professional who possesses good project management skills, broad experience of leading edge technical or cybersecurity concepts, strong relationship management capabilities and is knowledgeable of the operational and control risks which exist in technology businesses in general. The role responsibilities include:
C RITICAL KNOWLEDGE & SKILL REQUIREMENTS:
- Plan, execute and document audits with limited supervision in a risk focused manner and to a high standard in accordance with department and professional standards
- Evaluate, test and report on the adequacy and effectiveness of the control environment covering centralized access management functions, in addition to focused areas of cybersecurity such as digital forensics, threat intelligence or red team/penetration testing as well as more general IT process reviews within cybersecurity.
- Analyse risks and proactively identify the root-cause of issues with a view to providing recommendations for improvement where weaknesses are identified
- Finalize audit findings and use judgment to provide an overall opinion on the control environment
- Communicate audit results and issues in a clear and concise manner, both verbally and in writing
- Implement and execute an effective program of continuous auditing for assigned areas. This includes monitoring of key metrics to identify control issues and adverse trends in the control environment and keeping abreast of key initiatives and pertinent industry and regulatory developments
- Build and maintain key relationships with stakeholders and colleagues, establishing a culture of engagement while adding value, effective teamwork and innovative thinking
- Disseminate best practice and regulatory requirements. Critically assess the impact of evolving industry and regulatory changes on the business and its control environment
- Approximately 25% travel to overseas business locations as required
- Identify potential automation opportunities and formulate requests in a timely manner for the development of audit software to benefit the audit process
- Business and Industry Knowledge - Demonstrable knowledge and experience of auditing cybersecurity and infrastructure. Good technical knowledge of Identity & Access Management, Networks, Active Directory, Vulnerability Assessment & Remediation and security aspects of relationship database management systems e.g. Sybase, Oracle platforms.
- Methodology & Analytical Skills - Detailed understanding of internal control and risk assessment concepts and strong analytical skills to assess the impact of control weaknesses
- Partnership - Strong execution skills, ability to work independently with limited supervision and multi-task. Works well individually and in teams, shares information, and supports colleagues. Ability to create strong stakeholder relationships that promote transparency and open dialogue around control issues
- Communication - Strong verbal and written communication skills, with the ability to present complex and sensitive issues to management in a persuasive manner.
- Leadership - Ability to assess priorities, adapt to a changing environment, organize and lead resources, monitor progress and timely deliver a high quality end product. Enthusiastic, self-motivated, effective under pressure
- Accountability - Proven ability to take the initiative in developing the scope and execution of audits/ projects. Seeks ways to increase efficiency and effectiveness of work performed and resources utilized. Willing to take personal responsibility/accountability
- Education to degree standard (or equivalent)
- experience in technology, cybersecurity or audit
- Experience with technology infrastructure risk and controls, including administration of Networks, O/S (Windows or Linux/Unix), Cloud, Database, Mainframe, and/or Middleware security control reviews
- Knowledge of cybersecurity controls, infrastructure technology, technology governance and security assessments, ethical hacking / cyber security tools and toolsets e.g. Kali, Backtrack, Nethunter
- Enthusiastic, self-motivated, willing to be challenged and take personal responsibility
- Excellent verbal and written communication skills
- Ability to build strong partnerships across the technology and business teams
- Ability to multitask and execute audit activities with minimal supervision
- A relevant information security or cybersecurity professional certification is a bonus e.g. CISM, CISA, CISSP, CEH, GIAC, MCSE/MCSA, CCNA, CCNP
To be considered for this role, you may be required to complete the video interview powered By HireVue. About J.P. Morgan Chase & Co:
J.P. Morgan serves one of the largest client franchises in the world. Our clients include corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.1 trillion. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity. A component of the Dow Jones Industrial Average, JPMorgan Chase serves millions of clients and consumers under its JPMorgan and Chase, and WaMu brands.
JPMorgan Chase & Co. offers an exceptional benefits program and a highly competitive compensation package. JPMorgan Chase & Co. is an Equal Opportunity Employer and a member of the UK Government's Disability Confident Scheme.