Cyber Security Incident Management and Response

Job Description
Propel operational success with your expertise in technology support and a commitment to continuous improvement.
As a Technology Support III in the Cybersecurity & Technology Controls (CTC) Incident Management & Response (IMR) team, you will be responsible for maintaining the operational stability, availability, and performance of our production application flows. Your role will involve troubleshooting, maintaining, identifying, escalating, and resolving production service interruptions for all internally and externally developed systems, thereby ensuring a seamless user experience. Furthermore, you will be instrumental in fostering a culture of continuous improvement within the team.
Job responsibilities

• Provides end-to-end application or infrastructure service delivery to enable successful business operations of the firm.
• Supports the day-to-day maintenance of the firm's systems to ensure operational stability and availability.
• Assist in the monitoring of production environments for anomalies and address issues utilizing standard observability tools.
• Identify issues for escalation and communication, and provide solutions to the business and technology stakeholders.
• Analyze complex situations and trends to anticipate and solve incident, problem, and change management in support of full stack technology systems, applications, or infrastructure.
• Serve as a key member of the Cybersecurity & Technology Controls (CTC) Incident Management & Response (IMR) team within the Global Incident Command Center (GICC), providing 24/7 support for incident management and response.
• Execute the Firm-wide Cybersecurity Incident Management Playbook to orchestrate actions during the lifecycle of cybersecurity events, aiming to prevent or mitigate impacts.
• Act as the frontline defense for cybersecurity incidents, ensuring effective and timely resolution of security issues against the firm's infrastructure and work closely with Cybersecurity Operations Incident Response teams and Enterprise Technology Product and Engineering teams to mitigate and remediate events and incidents.
• Collaborate with internal and external partners, including regulatory, compliance, privacy, and media communications teams, to manage incidents as well as utilize command and control, communication, and documentation skills to ensure the stability, capacity, and resiliency of products.
• Analyze operational metrics to identify process improvements and deliver constructive feedback to the team.
• Engage in continuous improvement of practices and processes, and participate in research, internal procedure uplift, and internal tools development.

Required qualifications, capabilities, and skills

• Incident Management or Incident Response experience in an enterprise environment.
• Demonstrated command and control, documentation, and communication skills in previous roles.
• Able to communicate technical topics both in writing and verbally to senior management from technical and non-technical backgrounds.
• Good understanding of the ITIL framework and ideally experience with incident management tools.
• Basic understanding of various operating systems, network fundamentals, cyber tools, and cloud architecture.
• High-level understanding of cybersecurity attack frameworks, such as MITRE ATT&CK and Cyber Kill Chain.
• Ability to exercise excellent judgment and decision-making skills under pressure, and know when to escalate situations.
• Ability to influence senior technology managers across organizational boundaries through formal and informal channels.
• Proactive with a strong bias for action, naturally inquisitive, and committed to continuous personal and team improvement.
• Experience with delivering constructive feedback to a team on a continuous basis.

Preferred qualifications, capabilities, and skills

• ITIL Certification.
• Baseline cybersecurity certifications, such as Security+ or Google Cybersecurity Certificate.
• Appreciation of the wider roles of interconnecting cybersecurity teams and collaboration with teams like Forensics, Threat Intelligence, Penetration Testing, and Vulnerability Management.
• Demonstrated ability to multitask and prioritize in a stressful environment; results-oriented.

About Us
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
About the Team
The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.