Tech Risk and Controls Lead

The Cybersecurity & Technology Controls group at JPMorganChase aligns the firms cybersecurity access management controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The groups number one priority is to enable the business by keeping the firm safe stable and resilient.

As a Technology Risk and Controls Lead in the cybersecurity and tech controls organisation you will play a crucial role in identifying assessing and mitigating technology risks in line with the firms standards. You will provide subject matter expertise and technical guidance to technology-aligned process owners ensuring that implemented controls operate effectively and comply with regulatory legal and industry requirements.

Partnering closely with various stakeholders including Product Owners Business Control Managers and Regulators you will contribute to delivering a comprehensive view of technology risk posture and its impact on the business. Leveraging your broad knowledge of risk management principles and technical experience you will support governance and compliance efforts and enhance the firms overall risk posture.

Job responsibilities

• Ensure effective identification quantification communication and management of technology risk with a strong focus on root cause analysis and recommending resolution actions.
• Develop and maintain robust relationships becoming a trusted partner with lines of business technologists assessment teams and data officers to facilitate cross-functional collaboration and progress toward shared goals.
• Execute reporting and governance of controls policies issue management and measurements providing senior management with insights into control effectiveness and informing governance activities.
• Proactively monitor and evaluate control effectiveness identify control gaps and recommend enhancements to strengthen risk posture and ensure regulatory compliance.
• Provide clear and concise executive summaries of complex technical issues and emerging risks to senior management and stakeholders.
• Support the assessment monitoring and reporting of technology risks to ensure compliance with firm standards regulatory requirements and industry best practices.
• Analyze complex risk and control issues and recommend risk mitigation strategies based on thorough root cause analysis.
• Document and articulate risks appropriately; collaborate with application teams to raise issues and develop action plans.
• Work closely with application teams to identify threat vectors through threat modelling and support the implementation of mitigation measures.

Required Qualifications Capabilities and Skills

• Formal experience or equivalent expertise in technology risk management information security or a related field with an emphasis on risk identification assessment and mitigation.
• Familiarity with risk management frameworks industry standards and financial industry regulatory requirements.
• Proficient knowledge and expertise in data security risk assessment and reporting control evaluation design and governance with a proven record of implementing effective risk mitigation strategies.
• Good understanding of Software Development Life Cycle (SDLC) pipelines CI/CD application resiliency and security IAM data protection and vulnerability management.
• Knowledge of security controls vulnerability management and IT control policies related to public cloud environments.
• Demonstrated ability to influence executive-level strategic decision-making and translate technology insights into business strategies for senior executives.
• Strong analytical and problem-solving skills with the ability to interpret data from multiple sources to provide insightful narratives and recommendations.
• Self-starter with the ability to manage own workload effectively without close supervision.
• Ability to develop and maintain strong relationships with global and diverse stakeholder groups.
• Experience supporting audits and regulatory engagements.

Preferred Qualifications Capabilities and Skills

• CISM CRISC CISSP or similar industry-recognized risk and risk certifications are preferred.