The Supplier Assurance Services (SAS) team is accountable for executing the global comprehensive risk management and assessment programs for all in-scope suppliers within JPMC's Corporate Third Party Oversight (CTPO) program. SAS is also accountable for driving several programs that support the Cybersecurity and Technology (CTC) function, including implementing and operating controls and processes that further enhance the security posture of JPMC's supply chain. The SAS team is part of Global Supplier Services (GSS), reporting directly to JPMC's Chief Procurement Officer, and supports all Lines of Business (LOBs) and regions globally.
As the Third Party Application Security Lead, you will be accountable for driving various programs to ensure that our third party hosted applications are secure. This includes, but is not limited to, scanning, further integration into the software development lifecycle, secure-from-the-start programs, and ensuring application owners have proper guidance on securing their third party applications. This Lead will also be accountable for the relationship with the CTC Application Security Product Owner and CTPO, ensuring that the third party programs align with internal programs, policies, and governance requirements.
A successful candidate must be able to demonstrate the following capabilities:
- Expand and deliver on a multi-year third party application security roadmap, which includes both process and technology enhancements. Ensure key stakeholder input and feedback are gathered during the creation of this roadmap.
- Drive and mature the collaborative partnership between SAS, TPO, and CTC - ensuring key stakeholders contribute and endorse the product roadmap.
- Execute the third party application security scanning program, focusing on timely execution of scans and comprehensive documentation of any risks, including remediation plans.
- Cover all types of applications, including those that are hosted at suppliers, and those that are hosted on public cloud infrastructure.
- Stay ahead of application security risks, vulnerabilities, trends, and threats.
- Partner with various policy and governance teams to build new capabilities into existing control frameworks.
- Support and recommend internal education and best practices sharing with the application development, application owner, and delivery manager communities.
- 3 - 5 years of application security experience, including securing Software as a Service (SaaS) platforms.
- 3 - 5 years of experience in information technology risk management, including risk identification, classification, and remediation.
- 3 - 5 years of experience in application scanning capabilities, using industry tools.
- Understanding of select Software Development Lifecycle (SDLC) processes and tools, including Agile.
- Bachelor's degree required; Master's degree preferred.
- Possessing one or more Information Security certifications, such as CISSP, CISM, CSSP, or CRISC is a plus.
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.