CAO Global Supplier Services - Information Risk Lead - Vice President

  • Competitive
  • Singapore Singapore Singapore SG
  • Permanent, Full time
  • J.P. Morgan
  • 19 Jul 18 2018-07-19

CAO Global Supplier Services - Information Risk Lead - Vice President

About J.P. Morgan Chase & Co.

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at .

The Supplier Assurance Services organization is part of the JPMC Global Supplier Services (GSS) / Corporate Third Party Oversight (CTPO) organization. The SAS team provides IT risk management oversight on third party service providers in accordance to JPMorgan Chase (JPMC) Third Party Oversight (TPO) Standards and Global Technology Standards. The SAS Shared Service team supports number of Line of Businesses (LOBs), including Mortgage Banking (MB), Corporate Sector Functions and Technology (CS) and Consumer & Business Banking (CBB), Corporate & Investment Bank (CIB) and Asset Management (AM).

As the Supplier Assurance Service, Assessment Operations Centre: BoW & Resource Utilization APAC Lead, your primary responsibility includes performing assessment Book of Work (BOW) analysis, tracking assessment progress, resolving assessment execution issues, managing changes to BOW priorities/scope, assigning assessor resources and optimizing resource utilization. Secondary responsibility will include the conduct of specialized foreign language risk assessments of third party providers.

Primary Duties & Responsibilities:

  • Assessor Resource Utilization and forecast: Assign assessors to assessments based on skills, availability and assessors' focus areas; track and forecast assessor utilization
  • Drive all aspects of the risk assessment of third party providers.
  • BoW Baseline: Prepare Annual BOW analysis to create start of year baseline
  • BoW on-going maintenance:
    • Monitor changes to engagement risk priorities/status and manage impacts to BOW and resource utilization.
    • Prepare weekly reports identifying suppliers with multiple assessment profiles. Publish reports to assessors and tower leads requesting they review for potential consolidation. The desired goal is to reduce duplication and the overall number of assessments performed. Measured by comparing pre-analysis to post analysis population.
    • On a weekly basis, maintain and update BRU reporting suite to drive improvement in processes / procedures / tools, enhancing Book of Work management, assessment tracking and reporting. Measured by improved reporting and productivity and reduced number of exceptions.
  • BOW Progress Tracking:
    • Track assessment status - start, progress, completion, stalled, etc. Assist assessors in resolving assessment execution issues
    • Run and enhance fortnightly BOW review sessions with various assessment teams, influencing outcomes, and identifying improvement opportunities. Measured by reduced aging, past due assessments and missed milestones.
  • Establish strong working relationship, effective operating model with the key stakeholders, partner with SAS Leadership, LOB tower leads and SAS assessors ensuring assessments are prioritized, and on time. Can be measured by reduced outliers.
  • Ensure appropriate escalations & tracking of assessments through stakeholder interaction. Success is measured as a product of minimal number of stakeholder escalations.
  • Support Internal Audit and Regulatory Exams related to the SAS process by providing timely and accurate reports as requested by SAS governance.
  • 100% compliance to CTPO Policy and Standards, SAS Control Execution Guide, ensure BOW issues identified are addressed with assessors and escalated to SAS Leadership team appropriately. Measured by lack of escalated issues.
  • Provide management support, oversight to the Assessment Teams.
  • Acquire and retain talent, work with HR in developing strong pipeline of potential analysts.
  • Foster Rewards and Recognition culture within the Teams and encourage right behaviors.

  • Mandarin/Japanese language fluency strongly preferred
  • Should have 5+ years of data visualization/data presentation experience.
  • Fluency using statistics and data visualization to answer questions about data sets
  • 5+ years of experience in IT Risk management, audit or equivalent
  • Proficient technical skills, including: audit, business analysis, change management, IT Risk Management, operation systems and data sources knowledge, performance metrics and reporting, technical problem resolution, project management, and vendor management.
  • Proficient working knowledge within the following risk domains/technologies:
    • Database and application security
    • IDS/IPS technologies
    • System/Access Administration
    • Firewall technologies
    • Network Architecture
    • Security Event Logging & Monitoring
    • Key Management/Tokenization
    • Database/Application/Network Layer Secure Protocols
    • Physical and Environmental Security
    • Secure Software/Code Development
    • Change Management
    • Vulnerability Management
  • Effective communication skills. Specifically, you can explain complex issues to various audiences, are able to think about the big picture when communicating, and can summarize technical details succinctly
  • Proficient risk assessment, interpretation, analytical and negotiation skills.
  • Excellent organizational skills
  • IT Risk Management / Audit industry certification (such as CISSP, CISA,CRISC, etc.) required
  • Master's degree preferred, Bachelor's degree required or equivalent technical experience in statistics or computer science.