National Capital Region, Philippines
2 days ago
Global Supplier Services - Supplier Assurance Senior Associate

Join the Supplier Assurance Services (SAS) team, part of Global Supplier Services (GSS), reporting directly to JPMC’s Chief Procurement Officer. SAS is accountable for executing global risk management and assessment programs for all in-scope suppliers within JPMC’s Corporate Third-Party Oversight (CTPO) program, supporting Cybersecurity and Technology (CTC) functions, and enhancing JPMC’s supply chain security posture.

As a Supplier Control Assessor within SAS, you will be responsible for performing technical risk and control assessments of supplier environments, including infrastructure, application stacks, and other technologies. You will ensure compliance with JPMC Corporate Policies & Standards and validate that technical risks are managed and security controls are implemented. You will partner with CTC and Lines of Business (LOBs) to focus on assessing supplier control environments and managing action plans and risk acceptances.

 

Job Responsibilities:

Engage with multiple LOB Delivery Managers for firm-wide suppliers to ensure compliance with required assessments per JPMC policy and procedures.
Drive all aspects of the control assessment of suppliers.
Assess completed questionnaires and supporting fieldwork materials to ensure they are complete and meet JPMC expectations.
Lead supplier assessments, providing overall IT and cybersecurity risk and controls expertise.
Identify control breaks and vulnerabilities within suppliers' IT environments.
Document findings and work with the LOB Delivery Manager and Information Security Manager to resolve findings through action plans (APs) or seek risk acceptance (RA) approvals.
Validate evidence from suppliers before action plans are closed.
Escalate issues associated with suppliers as needed.
Identify opportunities for process improvements to deliver increasing operational efficiency in the processes, identify opportunities for improving supplier posture and JPMC's supplier management processes, including expanded monitoring, KRI tracking, etc.
Assist with various SAS program initiatives, working closely with SAS Leads.
Support internal education and best practices sharing with peers and colleagues, as well as third-party education and awareness, as needed.

Required Qualifications, Capabilities, and Skills:

More than 5 years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), and Third-Party Outsourcing Risk Management within a large enterprise-level environment.
4+ years of work experience in one or more areas of infrastructure (e.g., UNIX, Windows), databases (e.g., Oracle, SQL Server), and networks.
Understanding of industry risk frameworks (ISO27001, NIST, etc.).
Strong written and verbal presentation skills at the senior management level.
Experience debating issues with senior decision-makers and pushing back when necessary.
Strong written and verbal presentation skills at the senior management level across various business groups.

Preferred Qualifications, Capabilities, and Skills:

CISSP, CISA, or CCSP certification is a plus.