Information Security / Vulnerability Analyst

Description Building on its longstanding commitment to New York State, JPMorgan Chase & Co. has established an innovative, industry leading partnership with Syracuse University. As part of this collaboration, employees of JPMorgan Chase & Co. are joining with Syracuse University faculty to create a unique curriculum focusing on Global Enterprise Technology and perform applied research in areas of mutual interest to the university and the firm.
 
Another key aspect of this partnership is the establishment of a JPMorgan Chase & Co. Technology Center on the campus of Syracuse University. The Tech Center will house team members providing the following technology functions:

• Formation of an Information Security & Risk Management Center of Excellence for use across the firm
• Application Development & Support of our world-class financial systems
• Collaborate with Syracuse University students and faculty on innovative research projects

This position will be part of the Information Security & Risk Management Center of Excellence and falls under the Corporate Internet Group (CIG), which creates and supports many of JPMorgan Chase's online banking and marketing capabilities.  The Information Risk Management (IRM) Team within CIG is responsible for overseeing controls and programs designed to ensure appropriate logical and physical protection of information and other assets.  The IRM Analyst is responsible for assisting with the day-to-day management and oversight of CIG's Vulnerability Management program, as well as various other information risk programs and assessments.  These include:

 
Line of Business Vulnerability Management Coordinator

• Using company-wide toolsets to oversee CIG's ability to identify and correct infrastructure security issues found in servers, databases, and workstations - including results from baseline configuration monitoring tools, anti-virus and patching issues, and results from various other toolsets
• Work with various technology teams to ensure toolsets used to detect infrastructure security issues are deployed on all necessary platforms.
• Monitor alerts from the firm's Computer Security Incident Response Team (CSIRT) and other Security Event Management sources; and drive timely remediation of issues within CIG.
• Create and maintain scorecards and reporting to display our risk profile and provide insight to management for decision making.
• Active Participation in firm-wide vulnerability management forums designed to keep lines of business up-to-date on process changes, upcoming projects that may impact CIG, or potential threats that may require due diligence and preparation.

General Information Risk Management Activities

• Participate in CIG's systems development lifecycle (SDLC) and change management process, to monitor information risk issues during the design of new systems and major changes, ensuring security principals are applied.  
• Work with technology leads to assess CIG supported applications based on security standards.
• Assist with tracking and assessing controls of outside service providers as necessary.
• Participate in the creation and/or delivery of security awareness initiatives for CIG.
• Assist with data protection initiatives and other programs as necessary.

JPM-SU Tech Center

Requirements

• 2-5 years related work experience
• Basic knowledge of technology platforms and web-based applications
• Basic understanding of infrastructure control procedures and security (Networks, and Unix / Windows servers and databases)
• Knowledge of web-application security a plus
• Solid foundation in reporting and creating metrics
• Strong communication and interpersonal skills, and ability to listen, learn, speak up, and mentor
• Project / Time management skills and self-starter attitude
• Ability to work with different groups and diverse projects as a partner
• Able to demonstrate respect for diversity in opinions, people and approaches
• University 4-year degree
• Security or control related certification (e.g. CISA, CISSP) is a plus

JPMorgan Chase is an Equal Opportunity and Affirmative Action Employer, M/F/D/V.