| Employer: | JP Morgan Chase |
| Job Ref No: | 110036100 |
| Job Title: | Third Party Risk Assessment/QA Lead |
| Sector: | Other |
| Sub Sector: | Other |
| Risk Type: | Other |
| Expertise: | Risk Manager |
Third Party Risk management and oversight at JPMC views risk comprehensively across multiple Functional Risk Areas (FRAs) such as Information Risk, Disaster Recovery & Business Resiliency, Financial Viability, Contracts, Third Party (TP) Performance management, Operational Risk, Concentration risk, etc. Third Party Risk Management (TPRM) involves implementing a framework for identifying, measuring, assessing and addressing risk arising from third party vendors and partners. The Third Party Risk Quality Lead will provide strategic leadership to the Third Party Risk management program/function at JPMC, as it relates to QA for Third Parties.
The TPRM program will focus on four key areas:
- Third Party Risk Assessment - identify critical third parties and ensure effective risk assessment
- Quality Assurance - ensure completeness and policy compliance of third party risk assessments
- Tools & Metrics - enhance risk management toolset and MIS, to improve risk posture, resource efficiency and trend analysis
- Operating model - engage firmwide stakeholders to ensure governance, transparency, role clarity and training to optimize risk posture
Key responsibilities include:
- Identify critical Third Parties/vendors - in scope for Quality Assurance reviews
- Conduct Quality Assurance reviews of 50% of the firm's critical third parties/vendors (currently between 75 and 100 annually)
- Present QA analysis and outcomes to LOB IRM colleagues for closure/alignment
- Document QA findings and publish via Sharepoint TPRM Portal
- Track closure of "outstanding action plans" related to QA Reviews, to ensure timely completion of the same
- Consult with LOB IRM colleagues on "peer reviews" conducted by them, as necessary
- Publish/prepare monthly QA Review reports including throughput, status, etc.
- Identify critical Third Parties/vendors that are used by 4 or more LOBs - in scope for Collaborative Risk Assessments
- Partner with LOB IRMs to develop "scope of services" and therefore "scope of risk assessment"
- Align with LOB stakeholders (IT Risk, Operational Risk, Business Resiliency, Compliance and Relationship Managers) on scope, timing and test plan for Risk Assessment
- Partner with LOB IRM to conduct Risk Assessment incl. questionnaire, onsite visit, documentation of findings, development of remediation plans, etc.
- Build TPRM Scorecard for in-scope Third Parties/Vendors
- Align with LOB stakeholders (IT Risk, Operational Risk, Business Resiliency, Compliance and Relationship Managers) on post-assessment findings/issues, remediation and escalation as necessary
- Track remediation plan completion, NCAs, and other assessment/remediation related action items for Collaborative Risk Assessments
- Support training initiatives to improve quality of assessments.
The position will report to the Third Party Risk Management Governance Lead. The ideal candidate is an experienced Risk Management professional with a solid foundation in Risk Assessment, Reporting, Audit and Controls Implementation. As a member of the Information Technology Risk Security Management function, the candidate will be expected to:
- Be prepared to travel domestically and internationally
- Ensure that all pertinent Information Risk and Control regulatory requirements and applicable JPMC policies are understood by LOB clients, technologists, and IRM team members, and that these policies are implemented and monitored successfully.
Essential functions of this role are:
Partnership:
- A fundamental requirement within the Risk Management Function is the ability to operate as a team and in partnership.
- The incumbent must be able to partner across the technology and business teams to maximize the quality, integration and effectiveness of the risk management coverage. This requires a very proactive, open and communicative approach through all aspects of planning and execution.
- Such partnership is also expected in dealing with the other LOB risk managers as we share common goals of providing a well-controlled operating environment to maximize value to our shareholders.
Communication:
- The individual is expected to be able to communicate concisely and effectively with all levels of the organization.
- The ability to communicate effectively with technologists and business personnel is critical, including the usage of business relevant terms to describe technology risks.
- Experienced Information Technology professional with a proven Financial Services track record of 6 to 8 years in Technology Risk Management, IT audit, technology operations, Third Party or Information Risk management, and risk based projects.
- Strong operational or IT Risk management experience including evaluating and addressing risks and controls related to risk dimensions such as data protection, software security, risk governance, security & vulnerability, identity & access management, third party (sub-contractors), and business resiliency, as related to assessing a third party.
- Working knowledge of Industry Best Practices w.r.t. risk management related to suppliers or third parties
- Strong practical knowledge of development lifecycles, as well as project and program management concepts and controls.
- Enthusiastic, effective communicator who thrives under pressure and is willing to take personal responsibility and accountability.
- Extensive communication skills and experience in driving process improvement.
- Strong problem solving and analytical capabilities
- Proven ability to influence and work across organizational boundaries
- Sound infrastructure knowledge of current and legacy technology including: Virtualization, Grid Computing, Cloud computing, Mainframe, Distributed Computing, Networking, Messaging, Database Management.
- Position can be located in Wilmington, Delaware, Columbus, Ohio or Jersey City, New Jersey.
Preferred qualifications include:
- Knowledge of SOX, GLBA, and PCI preferred
- Knowledge and experience in Disaster Recovery, and Business Continuity testing/planning preferred
- Supplier performance management or vendor management
- Certifications such as CISSP, CISA or equivalent preferred
- Knowledge of or participation in industry groups such as BITS
- Bachelor's or Master's degree, or commensurate experience
JPMorgan Chase is an Equal Opportunity and Affirmative Action Employer, M/F/D/V.
| Employment Type: | Full Time |
| Region/Country: | Americas, United States |
| States/Counties: | Delaware |
| City: | Wilmington |
| Address: | |
| Post Date: | 05/06/2011 |