Info Risk Lead-090055322 Job Details

Job Description

JPMorgan Chase (NYSE: JPM) is a leading global financial services firm with assets of $2.1 trillion.  We operate in more than 60 countries with more than 200,000 employees.  We serve millions of U.S. consumers and many of the world's most prominent corporate, institutional and government clients.  If you're interested in working in an environment where leadership, excellence, integrity and diversity are among our core principles, then explore the opportunities at JPMorgan Chase.

 

If you're interested in working in an environment where leadership, excellence, integrity and diversity are among our core principles, then explore the opportunities at JPMorgan Chase.  Further information about careers at JPMorgan Chase can be found on our website: www.jpmorganchase.com

 

We are currently seeking an Information Security professional to manage our Payment Card Industry Data Security program, as well as someone to provide oversight of our SAS70 and Key Management functions.  The role will be responsible for coordinating the annual certification with an external party, including but not limited to:

 

- Act as liaison to Visa and Mastercard regarding PCI DSS Requirements and certification status

- Document scope and testing strategy

- Gather and develop, where required, supporting process documentation

- Coordinate PCI DSS Testing for Card Services and other applicable Lines of Business, working with multiple parties and varying levels of technical expertise

- Document compensating controls, where applicable

- Manage projects related to PCI DSS compliance

- Review and approve the annual Report on Compliance

 

In addition, individual will have the opportunity to provide oversight for the Card Services SAS70 program.  Coordinating scope, including facilitation of partner feedback, engaging key subject matter experts, collecting documentat and testing samples, and managing external auditors to facilitate the execution of an annual SAS70.  The resource will also have the opportunity to help drive the Card Services Key Management programs, including coordination with stakeholders and Associations. Responsibilities to include maintenance, documentation and coordination of key sessions for card, contactless card and association related keys, as well as driving requirements and implementation of process enhancements.  Based on individual expertise, this role may also be expanded to include additional security and compliance related activities.


 
Qualifications

Strong process and project management skills

Solid technical knowledge in the following areas: Network Security, Host Security, Encryption and specific solutions for securing data in storage, Vulnerability Management, Access Administration, Logical Access Controls, Intrustion Detection, and Information Security Policy.

 

Knowledge of the Card Servicing and/or Processing industry is preferred.

Strong communication skills and presentation skills required.

Working knowledge of Microsoft Office products required, including Excel, Access and Project.

PCI Qualified Data Security Professional certification preferred.

A minimum of one of the following certifications or equivalent proof of experience:  CISSP, CISA, CISM or a minimum of eight years Information Security experience.

Key Management experience is a plus, as well as knowledge of Prime Factor, Mainframe (ACF2) and Tandem Security.