Director - Cyber Ops

JPMorgan Chase
  • Location
    Washington, D.C.
  • Sector
  • Experience
  • Posted
    May 04

Position description

JPMC is looking for an experienced Cyber and Technology Operations professional with vision and initiative who will help drive the development of a world-class cyber threat intelligence group, and partner with and lead a high-performing team of creative cyber analysts and problem solvers. In this role you will spearhead tactical and strategic changes that will enhance processes and productivity across the firm, overseeing the optimization of existing technology solutions while developing new capabilities.

As an experienced professional in our Cybersecurity & Technology Controls organization, you're equally committed to safeguarding our information and technology assets today, as well as finding innovative ways to protect them in the future. To do that, you'll play a key role in developing a shared understanding of the threats to our critical suppliers, subsidiaries, and clients relative to the evolving threat landscape, allowing the firm to make threat-informed cybersecurity decisions. You'll join a highly motivated team focused on analysing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. You'll use your subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. You'll support threat analysis, incident response, and risk reviews, all of which drive cost-effective solutioning. As part of JPMorgan Chase & Co.'s global team of technologists and innovators, your work will have a massive impact, both on us as a company, as well as our clients and our business partners around the world.

The Cybersecurity Intelligence Group (CIG) holds the global mandate for JPMC's cyber intelligence collection, analysis, and dissemination of finished products to the firm's Cybersecurity & Technology Controls teams, lines of business, and overall executive decision makers. This team is responsible for tracking threats and incidents involving the firm's third party suppliers, subsidiaries, and key clients to address events such as intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information. This includes developing a deep understanding of global threat actors and their tactics, techniques, and procedures employed during cyber attacks. 

You'll play an integral role in the threat-driven defence of JPMC. The responsibilities for this position include, but are not limited to:

  • Lead the firm's supplier incident response efforts/team, and drive down supplier risk. Develop the end-to-end process and playbooks across the firm's stakeholders, collaborate with the firm's most critical suppliers, and work towards remediation. Ensure the firm understands supplier risk and proactively work to ensure tracking and awareness across the lines of business and all key stakeholders
  • Engage suppliers when they suffer a cyberattack; determine initial infection vector, attack paths, and indicators of compromise to uplift the firm's security controls, while also working through remediation plans and control uplifts to enhance the suppliers' security posture
  • Help develop the continuous, proactive monitoring processes that alert the firm to impending or actual cybersecurity events involving our critical third-party suppliers, subsidiaries, and key clients 
  • Conduct or lead threat landscape assessments and in-depth analysis into suppliers' public-facing infrastructure to deliver to JPMC stakeholders; also conduct similar assessments for companies JPMC is looking to acquire 
  • Prepare and deliver written and verbal briefings for stakeholders 
  • Understand the regulatory landscape and work with the firm's governance teams to ensure the firm remains in high standing
  • Collaborate with the firm's senior stakeholders on strategic process improvements where Third Party Risk is concerned
  • Collaborate with and support the investigations and analysis of other Cybersecurity Operations teams 

This role requires a wide variety of strengths and capabilities, including: 

  • Experience with threat intelligence techniques and processes in an enterprise-level organization 
  • Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques, and procedures used by cyber adversaries 
  • Excellent written and verbal communication skills 
  • Knowledge of computer networking concepts and protocols, and network security methodologies 
  • Knowledge of network traffic analysis methods (packet capture/protocol analysis)
  • Experience interpreting networking, data flow, and architectural diagrams to identify vectors an adversary may seek to exploit 
  • Experience leveraging the MITRE ATT&CK Framework 

This role requires the following essential qualifications and capabilities: 

  • Bachelor's Degree in Computer Science, Cybersecurity, or similar work experience in a related field. 
  • Excellent communication skills, with the ability to articulate complex threat information to technical and non-technical audiences, both verbally and in writing 
  • Demonstrated understanding of the vulnerability landscape and how it impacts the overall cyber threat landscape 
  • An understanding of current affairs and international relations, evidenced by an understanding of geopolitical dynamics as they relate to state-sponsored intelligence operations.
  • An understanding of the intelligence cycle, analysis methodologies, and processes. 
  • An understanding of computer networking concepts, the OSI model and underlying network protocols (e.g., TCP/IP), network traffic analysis, packet and protocol analysis. 
  • An understanding of the MITRE ATT&CK Framework, stages of an attack and sub-techniques, primarily sub-techniques associated with initial access, network communications, or deployment of malware.
  • Specialist training or skills in one or more of the following:
      • Open Source Intelligence (OSINT) gathering and/or analysis
      • Social Media Intelligence (SMI/SOCMINT) gathering and/or analysis
      • Human Intelligence (HUMINT) analysis
      • Signals Intelligence (SIGINT) analysis

Highly Desirable: 

  • Intelligence community experience, or comparable private sector experience 
  • Financial sector experience. 
  • Industry certifications related to Pen Testing, Forensics, Networking or Security 

Other Specific Technical Experience: 

  • Experience with performing malware analysis (static properties and dynamic) and reverse engineering. 
  • Previous experience in other information security roles such as SOC management, incident response, digital forensics, penetration testing, vulnerability management, threat intelligence, content development, or risk management 
  • Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, digital forensics, and incident response. 
  • Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IOCs), etc. 
  • Experience analyzing system and application logs to investigate security issues and/or complex operational issues. 
  • Solid understanding of enterprise detection technologies and processes across multiple control domains including email, network, endpoint, public cloud, etc.
  • Demonstrated experience with utilizing SIEM (such as Splunk, ArcSight, etc.) in investigating security issues and/or complex operational issues across a broad, diverse enterprise with a large number of different technologies.
  • Solid understanding of network protocols and operating systems across a broad, diverse enterprise with a large number of different technologies. 

Other Experience which would be of benefit to the role: 

  • Advanced knowledge of performance metrics and reporting, technical problem resolution, and risk management 
  • Experience gathering and analyzing data to effect meaningful change in areas that need improvement 
  • Advanced knowledge of architecture, design, and business processes 
  • Ability to communicate and drive the strategic direction of the firm, delivering technology solutions that meet internal and external needs 
  • Expertise prioritizing customer experience, reviewing feedback, hosting customer forums and focus groups to proactively address the needs of the customer 
  • Ability to drive performance and develop teams - recruit diverse talent, run disciplined performance reviews, and regularly collaborate and check-in on priorities to help focus on key results 
  • 5-8+ years of information security experience; team lead and mentoring experience is preferred
  • Significant business analysis or systems analysis experience working in an IT operations environment. 
  • Experience investigating incidents and events in AWS, GCP and Azure 
  • Strong analytics and reporting skills, with a focus on interdepartmental communication 

About the Team 

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient. 

High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment. 

When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world. 

At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you. 

Application instructions

Please be sure to indicate that you saw this position on