Information Security Manager, Vice President

You will develop a strong understanding of the Indonesia Entity business strategy and the critical role that Global Technology and Cybersecurity and Technology Controls plays, and be able to articulate risk in a business lens. To achieve this you will establish strong connectivity and partnerships in the entity with technology and business leadership, and externally with business clients, industry partners, and government agencies. Your focus priority will be to improve Cybersecurity and Technology controls engagement with the Indonesia Entity and support business client engagement on cybersecurity and technology control matters. Additionally, you will participate in the continued transformation of our cybersecurity and technology controls capabilities that support Indonesia Entity by improving team engagement.

Roles And Responsibilities

• ISM shall have sufficient authority and stature to provide independent views to Location Management including Technology.
• Identify location and regulatory requirements and partner with local, regional and global peers and product teams to develop sustainable solutions
• Establish strong engagement with Location Senior Country business management and Regional/Global technology leadership by providing high quality security and risk advisory services.
• Support the Regional/Global Information Security Manager in tracking and reporting of cybersecurity risk and matters to regional technology operating committee.
• Responsible for bringing to the notice of the Indonesia Board/ Location Operating Committee /Technology sub-committee of the board about the cyber security risk the Indonesia entity is exposed to.
• Responsible for adopting global polices and establish entity specific procedure and enforcing compliance with necessary policies, frameworks and other technology-related regulatory requirements.
• Partner with Regional/Global peers to coordinate and support internal, external and Indonesia Regulatory related audit review and assessment exercise. Ensure compliance to the Indonesia regulatory requirements such as Annual Inherent Risk & Cybersecurity Maturity Assessment, Annual Cybersecurity Testing covering vulnerability analysis and scenario-based cybersecurity testing.
• Lead the location cybersecurity and resilience activities pertaining to Indonesia Regulator Reporting procedure and coordinate with Regional/Global Cyber Security Operation Center to produce appropriate and proactive response to cyber incidents and potential cyber incidents in the future.
• Provide partnership and support to the Regional/Global peers to develop cybersecurity and technology controls execution approach across the country business footprint
• Responsible for monitoring and timely reporting of key Technology matters covering Cybersecurity KRIs, KPIs, Cyber incidents, and Security in outsourcing requirements impacting Indonesia to location Board and Committees.
• ISM will be main point of contact with regulator on JPMC Indonesia Technology/Cybersecurity Risk matter, including managing entity-specific risks including supporting prompt cyber incident response impacting the entity.
• Coordinate effective regional partnership to enable the execution of all cybersecurity and technology controls activities affecting the Indonesia entity business and its associated technology environment
• Responsible for advising Location senior management on technology risk and security matters, including developments in the financial institution's technology security risk profile in relation to its business and operations.

Skills And Experience

You have been a successful Information Security Manager or led a successful security and risk organization with demonstrated expertise in the follow areas:

• Technology resiliency
• Vulnerability management
• Application security and secure systems development lifecycle
• Data protection
• Proven subject matter expertise in Corporate and Investment Banking in the Indonesia market
• Incident management
• Identity and access management
• IT and cybersecurity policies and standards
• Regulatory compliance
• Operational risk frameworks

Competencies

You can demonstrate the following key competencies:

• Partnership and influence
• Excellent written and oral communication
• Proficient understanding of financial institutions and underlying business processes
• Objective analysis of poorly defined problems
• Resource management
• Executive, client and industry engagement leadership
• Organizational change management
• Strong strategic vision mixed with delivery excellence
• Critical thinking
• Strong leadership, culture carrier and team player experienced in matrix organizations
• Negotiation and partner management
• Resolving Conflicts

Your expertise in cybersecurity and technology controls, combined with your desire to provide innovative security services, will be an asset to our team. Help deliver high-quality security solutions across all our lines of business around the world by creating, designing, implementing, and maintaining next-level technology.

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.