Assessments & Exercises Vice President - Offensive Security

Location: Plano, TX, United States

Job Family: Cybersecurity Operations

About the Role

At JP Morgan Chase, we are at the forefront of cybersecurity innovation in the financial services industry, safeguarding billions in assets and protecting our global clients from evolving digital threats. As an Assessments & Exercises Vice President - Offensive Security in our Cybersecurity Operations team, you will play a pivotal role in enhancing the firm's cybersecurity posture. Based in our state-of-the-art Plano, TX facility, you will lead sophisticated assessments of people, processes, and technology to uncover vulnerabilities before they can be exploited. This position demands a strategic thinker with deep expertise in offensive security, ensuring our banking operations remain resilient against sophisticated adversaries in a highly regulated environment. Your core responsibilities will include designing and executing red team exercises that simulate advanced persistent threats, mirroring real-world attacks on our financial infrastructure. You will collaborate closely with cross-functional teams, including risk management and compliance experts, to translate findings into actionable improvements. By leveraging cutting-edge tools and methodologies, you will identify weaknesses in our networks, applications, and human elements, all while adhering to stringent regulations like SOX and PCI-DSS that govern the financial sector. This role offers the opportunity to influence JP Morgan Chase's cybersecurity strategy at an enterprise level, contributing to the protection of our clients' trust and the stability of global markets. We seek a seasoned professional passionate about offensive security who thrives in a dynamic, high-stakes setting. Success in this position requires not only technical prowess but also the ability to communicate complex risks to non-technical executives. Joining JP Morgan Chase means becoming part of a world-class team dedicated to innovation and excellence, with ample opportunities for career growth in one of the most critical areas of modern finance. If you are ready to drive meaningful change in cybersecurity for a leading financial institution, this is your chance to make an impact.

Key Responsibilities

• Design and execute advanced offensive security assessments targeting people, processes, and technology to identify vulnerabilities in JP Morgan Chase's infrastructure
• Lead red team exercises simulating real-world cyber threats to enhance the firm's defensive capabilities in the financial services landscape
• Collaborate with cybersecurity operations teams to develop remediation strategies based on assessment findings
• Conduct thorough reporting and debriefs on exercise outcomes, providing actionable insights to senior stakeholders
• Stay abreast of emerging threats and attack vectors specific to the banking industry, integrating them into assessment methodologies
• Mentor junior team members on offensive security best practices and tools
• Ensure compliance with JP Morgan's cybersecurity standards and regulatory obligations during all assessments
• Evaluate and recommend improvements to security controls across the firm's global operations
• Participate in incident response planning by simulating attack scenarios to test preparedness

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 7 years of experience in offensive security, penetration testing, or red team operations within the financial services sector
• Proven track record of leading cybersecurity assessments and exercises in a large-scale enterprise environment
• Deep knowledge of regulatory requirements such as GDPR, SOX, and PCI-DSS applicable to financial institutions
• Experience with vulnerability assessment tools and methodologies in a banking context
• Ability to obtain and maintain relevant security certifications and clearances
• Strong understanding of risk management frameworks tailored to financial services

Preferred Qualifications

• Advanced degree (Master's or MBA) in Cybersecurity or a related discipline
• Experience working at a major financial institution like JP Morgan Chase or similar
• Familiarity with JP Morgan's internal cybersecurity policies and tools
• Prior involvement in cross-functional teams addressing cyber threats in global banking operations
• Certification in offensive security such as OSCP or GIAC Penetration Tester

Required Skills

• Proficiency in penetration testing tools such as Metasploit, Burp Suite, and Nmap
• Expertise in network security protocols and vulnerability exploitation techniques
• Strong scripting abilities in Python, Bash, or PowerShell for automation
• Knowledge of cloud security assessments in AWS, Azure, or similar environments
• Experience with social engineering and phishing simulation methodologies
• Analytical thinking and problem-solving in high-pressure scenarios
• Excellent communication skills for technical reporting and stakeholder presentations
• Leadership and team collaboration in multidisciplinary environments
• Understanding of financial data protection and encryption standards
• Familiarity with SIEM tools like Splunk for threat detection
• Risk assessment and prioritization skills
• Adaptability to evolving cyber threats in the financial sector
• Project management for coordinating complex security exercises
• Attention to detail in documenting and analyzing security findings

Benefits

• Competitive base salary and performance-based annual bonuses
• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with generous company matching
• Paid time off including vacation, sick days, and parental leave
• Professional development opportunities with tuition reimbursement for certifications
• Employee stock purchase plan and financial wellness programs
• On-site fitness centers and wellness initiatives at Plano campus
• Flexible work arrangements and hybrid work options

JP Morgan Chase is an equal opportunity employer.