Assessments & Exercises Director - Strategy, Transformation, and Governance Lead
Company: JPMorgan Chase & Co.
Location: Wilmington
Posted on: April 1, 2026
Job Description:

Description

Spearhead cutting-edge security strategies and resilience initiatives, shaping the future of cybersecurity. As an Assessments & Exercises Director in the Cyber and Tech Controls line of business, you will lead key efforts to enhance the firm's cybersecurity or resiliency posture. Plan and implement testing engagements to proactively identify risks and vulnerabilities in people, processes, and technology using advanced assessment methodologies and techniques. Spearhead the resolution of the most complex cyber and resiliency risks facing the firm, drawing on your extensive experience in conducting assessments across different systems, networks, and architectures. Your ability to analyze and articulate the inner workings of complex vulnerabilities will enable the firm to enhance its security strategy and mitigate cyber and resiliency risks.

JPMC’s Assurance Operations organization is seeking a dynamic and strategic leader to fill the organization’s Strategy, Transformation, and Governance Lead position. This role is pivotal in driving the transformation and operational efficiency of Assurance Operations, with a focus on optimizing delivery processes, enhancing communication with our stakeholders, and managing regulatory and audit requests. The Strategy Lead will provide strategic support and direction to the firm’s internal team of highly skilled Offensive Security testers who conduct cybersecurity assessments (e.g. Red Team, Purple Team, Penetration Testing) to replicate cybersecurity threats targeting the firm. The Strategy Lead will lead a small team and be responsible for developing standardized intake and prioritization processes, managing vendor relationships, and overseeing budget and resource allocation. The ideal candidate will have a proven track record in strategic leadership, regulatory engagement, and operational management, with the ability to foster collaboration and drive strategic initiatives across the organization. This role requires excellent communication skills, a strong understanding of cybersecurity assessments, and the ability to manage complex projects and teams effectively.

Job responsibilities

- Develop and implement operational plans and strategies that align with broader functional and organizational objectives (such as the needs of the business and regulatory expectations)
- Lead the successful execution of risk-driven testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations – and the development of comprehensive assessment reports including actionable recommendations, report to leadership assessment outcomes (including controls effectiveness and operational risk) and escalate thematic trends in observations
- Influence and partner with cross-functional teams to make data-driven decisions that lead to continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations and lead engagement with internal and external stakeholders – including industry peers and government agencies – to share insights and contribute to the development of cybersecurity and resiliency policies

Required qualifications, capabilities, and skills

- 7 years of experience in cybersecurity or resiliency, with demonstrated ability to implement complex assessments or exercises collaboratively with diverse stakeholders, subject matter experts, and senior leaders
- Proven ability with at least 4 years of experience managing teams of technical staff, or ability to create long-term strategic plans, and experience conducting process improvement based on operational lessons learned and threat intelligence inputs
- Should have a strong understanding of networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, system and software vulnerabilities and exploitation techniques, and web application vulnerabilities and exploitation techniques
- Technical knowledge or experience developing in-house scripting, using interpreted languages such as Ruby, Python, or Perl, compiled languages such as C, C++, C#, or Java, and security tools or technology such as Firewalls, IDS/IPS, EDR, Web Proxies, DLP, and the ability to articulate and visually present complex Penetration Testing and Red Team results
- Strong understanding of the current threat landscape and resiliency concerns, national and international laws, regulations, policies, and ethics related to cybersecurity or resiliency
- Demonstrated expertise in security assessment methodologies, threat intelligence utilization, control evaluation techniques, or resiliency testing
- Experience developing and presenting briefings to senior leaders and large audiences, in addition to meeting facilitation, conflict resolution, and providing program updates to senior leaders, regulators, and industry groups

Preferred qualifications, capabilities, and skills

- BS/MS degree or equivalent
- Intelligence Community background or understanding of the financial sector or other large security and IT infrastructures
- Possess relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), SANS (GPEN, GXPN, GWAPT), CREST/Tiger Scheme Certified Tester, and detailed knowledge of current international best practices in privacy and information security

Keywords: JPMorgan Chase & Co., Wilmington, Assessments & Exercises Director - Strategy, Transformation, and Governance Lead, IT / Software / Systems, Wilmington, North Carolina