Firmwide Technology Resiliency Controls Lead

Join our team to play a pivotal role in mitigating risks and improving how we govern the Firmwide Technology Resiliency space.

As a Controls Lead inFirmwide Technology Resiliency (FTR) you will be responsible for executing the multi-year transformation of the FTR Control framework including the redesign of controls standards and control procedures to strengthen operational resilience and ensure alignment across risk metrics and governance.

You will also provide subject matter expertise and technical guidance to technology-aligned process owners ensuring that implemented controls are operating effectively and in compliance with regulatory legal and industry standards. By partnering with various stakeholders including Cybersecurity Technology & Controls Governance Risk & Controls Teams FTR Subject Matter Experts Lines of Businesses and more you will contribute to executing a comprehensive view of technology risk posture and its impact on the business. Your advanced expertise in technology controls and risk management will empower you to drive innovative solutions oversee the enhancement of resiliency standards and procedures and effectively lead a large impactful project in a dynamic and evolving risk environment.

About Firmwide Technology Resiliency:

Firmwide Technology Resiliency is a part of the Cybersecurity & Technology Controls team and the Firmwide Resiliency Office (FRO). Our mission is to ensure JPMC technology can effectively withstand disruption and maintain business continuity in the face of severe but plausible scenarios.

This is primarily achieved through:

• Definition adoption and ongoing monitoring of opinionated technology resiliency principles & requirements
• Execution of continuous in-depth testing exercise and assessment capabilities that identify and mitigate material resiliency risk both internal to JPMC and eternally across critical suppliers peer firms and financial market utilities

Job responsibilities

• Partner with existing FTR teams to execute a comprehensive project plan ensuring alignment with GT Metrics CORE and the greater technology resiliency strategy.

• Collaborate with governance risk and technology teams across Global Technology and the Lines of Businesses to drive consensus and adoption of enhanced resiliency controls and standards.

• Oversee stakeholder engagement communication and change management to ensure successful implementation and firmwide buy-in for new resiliency controls.

• Monitor project progress proactively identify and resolve risks and roadblocks and ensure timely delivery of milestones and key deliverables.

• Provide regular updates to executive sponsors and governance forums on project status challenges and achievements related to technology resiliency controls.

• Ensure all new controls and procedures are thoroughly documented auditable and integrated into GRC platforms such as Archer.

• Champion a culture of continuous improvement and operational excellence in technology resiliency control management.

• Proactively monitor and evaluate control effectiveness identify gaps and recommend enhancements to strengthen risk posture and regulatory compliance

Required qualifications capabilities and skills

• 5 years of experience or equivalent expertise in technology risk management information security or related field emphasizing risk identification assessment and mitigation
• 5 years of project management/change management experience
• Familiarity with risk management frameworks industry standards and financial industry regulatory requirements
• Proficient knowledge and expertise in data security risk assessment & reporting control evaluation design and governance with a proven record of implementing effective risk mitigation strategies
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives

Preferred qualifications capabilities and skills

• Demonstrated experience navigating the JPMC current governance structure and/or Cybersecurity and Technology Controls overseeing a controls uplift (i.e. Archer TCC etc.) a huge plus
• CISM CRISC CISSP or similar industry-recognized risk and risk certifications are preferred