Supplier Cybersecurity Controls Assessor
Company: JPMorgan Chase & Co.
Location: Columbus
Posted on: April 1, 2026
|
|
|
Job Description:
Description Are you interested in joining an industry-leading
Third Party Risk Management team? We are hiring cybersecurity risk
professionals. As a Supplier Cybersecurity Controls Assessor within
our Supplier Assurance Services (SAS) team, you will perform
comprehensive risk assessments of suppliers within JPMC’s Corporate
Third Party Oversight (CTPO) program. The SAS team supports JPMC’s
Cybersecurity and Technology functions by designing and
implementing controls and processes to enhance the security posture
of JPMC’s supply chain. As part of Global Supplier Services (GSS)
and reporting directly to JPMC’s Global Head of Corporate Third
Party Oversight, you will conduct technology and cybersecurity
control assessments of supplier environments, including services
hosted in public cloud providers. You will evaluate the
effectiveness of controls in supplier infrastructure, application
stacks, cloud hosts, and other technologies, ensuring the
confidentiality and integrity of JPMC’s data stored in supplier
environments and the availability of JPMC’s services provided by
suppliers. To effectively assess suppliers, you will stay informed
of the latest cyber risks in the industry and current adversarial
tactics, techniques, and procedures. Your leadership skills and
proven ability to function with minimal day-to-day oversight will
help you navigate complex stakeholder organizations and sensitive
JPMC supplier relationships, making your work in SAS a critical
component of JPMC’s overall defensive risk posture. Job
responsibilities Partner with the primary SAS Assessor to dive
further into supplier security stacks and assist with field work
materials to ensure they are complete and meet JPMC expectations.
Provide cybersecurity risk and controls expertise during the onsite
/ virtual assessment alongside the primary SAS Assessor. Identify
cybersecurity risks and weaknesses within suppliers’ IT and hosted
cloud environments and document remediation plans. Identify
opportunities for process improvements to deliver increased
operational efficiency and opportunities for improving supplier
posture including expanded monitoring, key risk indicator tracking,
etc. Required qualifications, capabilities, and skills 7-10 years
of experience in Technology, Technology Risk & Controls, Cyber
Operations, Application Security, Cloud Security (SaaS, PaaS &
IaaS), Network Security, or Cyber Resiliency within a large
enterprise-level environment. Subject Matter Expertise of
cybersecurity operations including defensive architectures and
processes to combat adversarial activities Proficient in techniques
for incident management, incident handling, incident
investigations, root cause analysis, and related processes Strong
written and verbal presentation skills at the senior management
level including ability to describe cyber risks in terms relatable
to business stakeholders Experience debating issues with senior
decision makers and pushing back when necessary Preferred
qualifications, capabilities, and skills Hands-on, practical
experience in red teaming, blue teaming or penetration testing is a
plus CISSP, CCSP or similar certifications are a plus
Keywords: JPMorgan Chase & Co., Canton , Supplier Cybersecurity Controls Assessor, IT / Software / Systems , Columbus, Ohio
