Rodeo
ResourcesPartnersSign in

JPMorgan Chase & Co.

Assessments & Exercises Director - Third Party Assurance

Bournemouth
Posted about 2 months ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Assessments & Exercises Director - Third Party Assurance

Job Summary

As an Executive Director within the Cybersecurity and Technology Controls (CTC) Assessments & Exercises function, you will serve as the senior technical authority for third-party cybersecurity assurance. You will bring deep, hands-on expertise in cybersecurity architecture, cloud security, and enterprise control frameworks to critically evaluate the control maturity of the firm's most complex and strategically significant suppliers. 

Reporting to the Global Third-Party Assurance Lead, you help to elevate the technical rigor, depth, and credibility of third-party assurance outcomes. You will translate complex technical findings into clear, business-relevant risk insights for senior stakeholders across Cybersecurity, Technology, Risk, and the Business, and will act as a trusted escalation point for the most technically challenging assessments.

Job Responsibilities

  • Provide authoritative technical leadership across third-party cybersecurity assessments, bringing deep expertise in cybersecurity architecture, cloud-native and hybrid environments, application security, and enterprise control domains.
  • Lead and personally conduct in-depth technical evaluations of supplier cybersecurity posture, control maturity, and architectural resilience, particularly for the firm's most critical and complex third-party relationships.
  • Perform threat modelling against supplier environments to identify potential security risks and develop mitigation strategies tailored to the firm's risk appetite.
  • Evaluate supplier security architectures across public cloud providers (AWS, Azure, Google Cloud), assessing the design and effectiveness of controls in cloud-native, hybrid, and on-premises environments.
  • Act as the senior technical escalation point for complex supplier risks, control gaps, and remediation strategies, providing credible challenge and expert advisory input.
  • Drive the evolution of the third-party assurance methodology by embedding deeper technical assessment capabilities, including architecture reviews, threat modelling, and cloud security posture evaluation.
  • Translate complex technical cybersecurity risks and supplier control deficiencies into clear, actionable, business-relevant insights for senior leadership and non-technical audiences through detailed reports, presentations, and other appropriate methods.
  • Partner with Product Security, Cybersecurity Architecture, Technology Risk & Controls, and Cybersecurity pillar leads to ensure alignment in control intent, solution design, and third-party risk remediation.
  • Lead thematic analysis to identify systemic technical weaknesses, emerging risks, and trends across the supplier landscape, and recommend strategic remediation approaches.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Required Qualifications, Capabilities, and Skills

  • 10+ years of professional experience in cybersecurity, with significant depth in senior technical and/or architecture-focused positions.
  • Proven ability to assess and articulate the cybersecurity control maturity of complex technology environments, including enterprise, cloud-native, and hybrid architectures.
  • Deep, hands-on expertise in cybersecurity architecture, threat modelling, and designing or evaluating secure controls for enterprise-level solutions.
  • Strong understanding of industry cybersecurity frameworks and key control domains (e.g., NIST CSF, ISO 27001, FFIEC, SOC 2, GDPR).
  • Thorough design and operational experience across one or more major public cloud providers (AWS, Azure, Google Cloud), with relevant certifications advantageous.
  • Proficiency with Cloud Security Posture Management (CSPM) tools and cloud security assessment methodologies.

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs [https://careers.jpmorgan.com/us/en/how-we-hire/faqs] for more information about requesting an accommodation.

The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.

High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Cybersecurity Architecture
Cloud Security
Third-Party Assurance
Threat Modelling
Enterprise Control Frameworks
Cloud-Native Security
Hybrid Cloud Security
Application Security
Risk Assessment
Control Maturity Evaluation
CSPM Tools
NIST CSF
ISO 27001
SOC 2
GDPR
Technical Leadership

Location

Bournemouth, England, United Kingdom

Sign up to applySee more jobs like this