Job description
This is a rare opportunity to operate at the intersection of deep technical cybersecurity expertise and enterprise-level risk strategy. As a senior technical authority, you will shape how the firm evaluates and manages cybersecurity risk across its most strategically significant supplier relationships. You will work alongside leaders across Cybersecurity, Technology, and Risk to drive meaningful improvements in third-party assurance outcomes. Your expertise will directly influence how the firm protects itself against emerging threats in an increasingly complex supplier landscape. If you are a cybersecurity leader who thrives on technical depth, credible challenge, and high-stakes decision-making, this role was built for you. As an Executive Director at JPMorganChase within the Cybersecurity and Technology Controls Assessments and Exercises function, you will serve as the senior technical authority for third-party cybersecurity assurance, bringing deep hands-on expertise in cybersecurity architecture, cloud security, and enterprise control frameworks to critically evaluate the control maturity of the firm's most complex and strategically significant suppliers. Reporting to the Global Third-Party Assurance Lead, you will elevate the technical rigor, depth, and credibility of third-party assurance outcomes across the organization. You will translate complex technical findings into clear, business-relevant risk insights for senior stakeholders across Cybersecurity, Technology, Risk, and the Business. You will also act as a trusted escalation point for the most technically challenging assessments, ensuring the firm's third-party risk posture reflects the highest standards of technical scrutiny. Job Responsibilities: * Provide authoritative technical leadership across third-party cybersecurity assessments, bringing deep expertise in cybersecurity architecture, cloud-native and hybrid environments, application security, and enterprise control domains. * Lead and personally conduct in-depth technical evaluations of supplier cybersecurity posture, control maturity, and architectural resilience, particularly for the firm's most critical and complex third-party relationships. * Perform threat modelling against supplier environments to identify potential security risks and develop mitigation strategies tailored to the firm's risk appetite. * Evaluate supplier security architectures across public cloud providers (AWS, Azure, Google Cloud), assessing the design and effectiveness of controls in cloud-native, hybrid, and on-premises environments. * Act as the senior technical escalation point for complex supplier risks, control gaps, and remediation strategies, providing credible challenge and expert advisory input. * Drive the evolution of the third-party assurance methodology by embedding deeper technical assessment capabilities, including architecture reviews, threat modelling, and cloud security posture evaluation. * Translate complex technical cybersecurity risks and supplier control deficiencies into clear, actionable, business-relevant insights for senior leadership and non-technical audiences through detailed reports and presentations. * Partner with Product Security, Cybersecurity Architecture, Technology Risk and Controls, and Cybersecurity pillar leads to ensure alignment in control intent, solution design, and third-party risk remediation. * Lead thematic analysis to identify systemic technical weaknesses, emerging risks, and trends across the supplier landscape, and recommend strategic remediation approaches. Required Qualifications, Capabilities, and Skills: * 10 years of professional experience in cybersecurity, with demonstrated experience in senior technical or architecture-focused positions. * Proven ability to assess and articulate the cybersecurity control maturity of complex technology environments, including enterprise, cloud-native, and hybrid architectures. * Deep, hands-on expertise in cybersecurity architecture, threat modelling, and designing or evaluating secure controls for enterprise-level solutions. * Strong understanding of industry cybersecurity frameworks and key control domains, including NIST CSF, ISO 27001, Federal Financial Institutions Examination Council (FFIEC) guidance, SOC 2, and GDPR. * Thorough design and operational experience across one or more major public cloud providers, including AWS, Azure, or Google Cloud. * Proficiency with Cloud Security Posture Management tools and cloud security assessment methodologies. * Demonstrated ability to translate complex cybersecurity and technical findings into clear, business-relevant communications for audiences ranging from technical practitioners to executive and non-technical stakeholders. Preferred Qualifications, Capabilities, and Skills: * Relevant cloud or cybersecurity certifications such as CISSP, CCSP, or cloud provider certifications from AWS, Azure, or Google Cloud. * Experience conducting cybersecurity assessments in support of strategic technology initiatives, such as blockchain, digital assets, or emerging technology platforms, including engagement at senior leadership forums. * Demonstrated ability to influence and negotiate with external suppliers and internal senior stakeholders to drive remediation outcomes and control improvements without direct authority. * Experience operating within or supporting a full lifecycle assessment model, with the ability to engage independently with suppliers and subject matter experts from an early stage while managing multiple concurrent assessments. #CTC JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management. We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process. We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation. JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans Base Pay/Salary Plano,TX $166,250.00 - 300,000.00 / year\nColumbus,OH $161,500.00 - $285,000.00 / year
