Assessments and Exercises Vice President – Red Team Lead at JPMorgan Chase & Co. – Washington, DC, United States

Contribute to leading security and resilience efforts, develop protection strategies, and drive continuous improvement.

As Vice President of Assessments & Exercises in the Cybersecurity and Tech Controls business line, you will significantly contribute to improving the organization’s cybersecurity or resilience posture by leveraging industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and implement risk-driven tests and simulations (or manage a highly skilled team to do so) and inform analysis to clearly outline root causes. In this role, you will evaluate preventive controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

JPMC’s Assurance Operations organization is looking to expand its Cybersecurity Red Team with a North America Lead position. The North America Lead will be charged with managing and providing critical support to the company’s internal team of highly skilled and qualified Red Team members who conduct advanced adversary emulation operations to replicate relevant cybersecurity threats targeting the enterprise. The successful candidate will have a proven track record of leading advanced network exploitation operations, including Red Team operations. The successful candidate must have significant experience in information security, people management, written and oral communication, and project management. This position is expected to require the use of one or more High Risk Role (HRR) systems, which requires successful completion of extensive screening, including background, criminal and credit checks, prior to commencement of employment and annually thereafter.

Job Responsibilities

  • Manage and develop an effective team of technical Red Team operators, providing leadership, coaching, mentoring and performance reviews. Ensure team members are effectively trained and equipped to work safely in highly sensitive environments.
  • Develop and implement comprehensive strategies to improve the effectiveness of the Red Team program in alignment with team or organizational goals.
  • Oversee a diverse portfolio of adversarial simulation engagements, ensuring that each project is accurately planned and executed. Coordinate with stakeholders to define objectives, scope, and deliverables for each engagement. Manage engagements to test and improve the organization’s security defenses, and provide detailed reports and recommendations based on findings to improve overall cybersecurity resilience.
  • Design and conduct tests and simulations, such as penetration tests, technical controls assessments, cyber exercises or resilience simulations, and contribute to the development and refinement of assessment methodologies, tools and frameworks to ensure alignment with company strategy and compliance with regulatory requirements.
  • Evaluate the effectiveness of controls and their impact on operational risks, as well as opportunities to automate control evaluation.
  • Work closely with cross-functional teams to develop comprehensive assessment reports, including detailed findings, risk assessments and remediation recommendations, and make data-driven decisions that encourage continuous improvement.
  • Use threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to improve the company’s assessment strategy and risk management. Collaborate with peers and industry groups that share threat intelligence analysis.

Required qualifications, abilities and skills

  • 5+ years of experience in cybersecurity or resilience, with proven exceptional organizational skills to plan, design, and coordinate the development of offensive security tests, assessments, or simulation exercises
  • Demonstrated ability with at least 2+ years of experience managing teams of technical staff, or the ability to create long-term strategic plans, and experience executing process improvement based on operational lessons learned and threat intelligence input. Must have a strong understanding of networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, system and software vulnerabilities and exploitation techniques, and web application vulnerabilities and exploitation techniques
  • Technical knowledge or experience developing scripts in-house, using interpreted languages such as Ruby, Python or Perl, compiled languages such as C, C++, C# or Java, and security tools or technology such as firewalls, IDS/IPS, EDR, web proxies, DLP and the ability to articulate and visually present complex penetration testing and Red Team results is highly desirable
  • Excellent command of cybersecurity organization practices, operational risk management processes, principles, architectural requirements, technical threats and vulnerabilities, including incident response methodologies
  • Renowned cybersecurity expert who keeps his technical skills up to date and participates in multiple forums
  • Expertise in Agile and being able to work with at least one of the common frameworks
  • BS/BA degree or equivalent
  • Knowledge of cybersecurity or resilience organizational practices in the U.S. financial services industry, operational risk management processes, principles, regulations, threats, risks, and incident response methodologies
  • Ability to identify systemic security or resilience issues related to threats, vulnerabilities, or risks, with emphasis on recommendations for improvements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resilience testing equivalents
  • Excellent communication, collaboration and reporting skills, with the ability to influence and engage stakeholders across functions and levels

Desired qualifications, abilities and skills

  • Desired qualifications include: Background in the intelligence community, knowledge of the financial sector or other major security and IT infrastructures, and relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), SANS (GPEN, GXPN, GWAPT), CREST/Tiger Scheme Certified Tester, and detailed knowledge of current international best practices in privacy and information security.
  • Technical knowledge or experience developing scripts in-house, using interpreted languages such as Ruby, Python or Perl, compiled languages such as C, C++, C# or Java, and security tools or technology such as firewalls, IDS/IPS, EDR, web proxies, DLP and the ability to articulate and visually present complex penetration testing and Red Team results are highly desirable. We would like to meet you.

JPMorgan Chase & Co., one of the oldest financial institutions, provides innovative financial solutions to millions of consumers, small businesses and many of the world’s leading corporate, institutional and government clients under the JP Morgan and Chase brands. With a history spanning more than 200 years, today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total compensation package including base salary determined by role, experience, skills and location. For those in qualifying roles, we offer discretionary incentive compensation that may be awarded in recognition of company and individual performance and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive healthcare coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the application process.

We recognize that our people are our strength and that the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and are committed to diversity and inclusion at our company. We do not discriminate on the basis of any protected characteristic, including race, religion, color, national origin, sex, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected by applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. For more information on requesting an accommodation, please visit our FAQs.

JPMorgan Chase is an equal opportunity employer, including disabled/veterans
