Associate _Supplier Assurance

Job Description

The Supplier Assurance Services organization is part of the JPMC Global Supplier Services (GSS) / Corporate Third Party Oversight (CTPO) organization. The SAS team provides IT risk management oversight on third party service providers in accordance to JPMorgan Chase (JPMC) Third Party Oversight (TPO) Standards and Global Technology Standards. The SAS Shared Service team supports number of Line of Businesses (LOBs), including Mortgage Banking (MB), Corporate Sector Functions and Technology (CS) and Consumer & Business Banking (CBB), Corporate & Investment Bank (CIB) and Asset Management (AM).In order to improve Supplier Assurance Services organization and drive efficiency, we are implementing some changes to the way we operate by establishing a Central Office that will interface with GSS/CTPO leadership and functions around the firm, and be fully dedicated to planning, business management, management reporting, stakeholder management and executive matters.As part of this centralized function, the Assessment Operations Center will be established to standardize and centralize assessment support and operational tasks as a shared-service utility supporting all assessments (CRA, ACA, and SORA).The Control Issue / Break Mgmt team will improve quality and standardize the approach to supplier control issues across SAS. This team will be responsible for:

• Manage entire issue lifecycle
• Identify trends / common issues to resolve and improve training focus areas
• Manage control issues/breaks (opening, description, severity justification, documentation, closure) in line with approved SAS procedures/guidance
• Partner with IT assessors on addressing common issue challenges

As a SAS Control Issue / Break Mgmt Analyst within this group your day to day responsibilities will be to manage the standardization, creation and closure of IT controls issues identified as part of the IT and Operational risk assessments and control breaks identified from the application security assessments (ie. CRA, ACA, and SORA) to improve the overall issue quality and articulate the risk to the business due to the supplier control breaks. This includes:

• Understand all aspects of the supplier risk assessment processes
• For IT & Operational Assessments and ACAs issues and non-compliance acceptances, manage entire issue lifecycle (identification, creation, modifications, extensions, and validate closure evidence) as per SAS Handbook.
• Ensure high rated issues are escalated as necessary to the owning business and RCSA.
• Conduct analysis of common supplier issues in order to develop issue and remediation guidance
• Partner with IT and Operational assessors to understand the control issues and breaks identified as part of the assessment process.
• Develop guidelines and templates in order to standardize common issues and controls breaks.
• Document control issues and breaks following SAS guidance and tools
• Ability to understand and articulate the risk to the business due to a supplier control issue or break
• Ability to review supplier closure evidence to determine if issue resolution and risk mitigation.
• Identify opportunities for process improvements to deliver increasing operational efficiency in the issue & break mgmt. processes.
• Identify opportunities for improving third party risk posture as well as JPMCs third party risk management processes, including expanded monitoring, KRI tracking, etc.
• Develop key performance indicators to track progress, along with success criteria
• Support internal education and best practices sharing with peers and colleagues, as well as third party education & awareness, as needed

Qualifications:

• 4-6 years of experience in Information Technology within a large enterprise level environment.
• 4-6 years of experience in Supplier Management, Risk Management, Technology Audit function or Information Security Risk
• 4-6 years of experience in a Quality Control or Quality Assurance function is a plus
• 4-6 years of experience in issue lifecycle management
• Strong understanding of Supplier IT and Operational risk.
• Complete understanding of IT control policies.

• Excellent verbal communication skills
• Strong written and verbal presentation skills at the senior management level across various business groups
• CISSP, CISM/CISA or CRISC certification is a plus

,

Keyskills :
auditqualityjavaoperationsmanagementphpassurancescriptransactionbusinessprocessingoffice