Technology Risk and Controls Control Review and Governance Lead

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence driving innovation in risk management.

As the Infrastructure Platforms Control Oversight Lead at JPMorgan Chase you lead the end-to-end workflow for reviewing and governing changes to control procedures and control objectives in the Archer catalog acting as the voice of the customer while embedding robust governance risk and compliance. You will develop an intake impact assessment approval and implementation tracking for catalog changesensuring Infrastructure Platform owned controls remain resilient scalable and aligned to firm legal and industry standards. You will also communicate changes to other control objectives and procedures to Infrastructure Platforms and gather feedback. By providing a consolidated view of technology risk posture and full traceability of control decisions you drive continuous improvement through feedback and control testing and deliver top-tier stakeholder experiences from launch through iteration. You will also perform various QA reviews risk governance and oversight and control and issue testing.

Job responsibilities

• Own the Infrastructure Platforms control review vision roadmap and backlog for Archer catalog changes from intake through approval and implementation tracking.
• Build and operate a governance process to ensure appropriate reviews feedback and sign-offs for control procedure and control objective changes and their impact to Infrastructure Platforms.
• Ensure effective identification quantification communication and management of technology risk with emphasis on root-cause analysis and actionable remediation recommendations.
• Partner with Product Security 2LOD Audit and Infrastructure Platform leaders to validate control design and operating effectiveness and to align with firm legal regulatory and industry standards.
• Execute reporting and governance of controls policies issues and metrics; provide senior management insights on control effectiveness and risk posture.
• Perform control assessments QA reviews issue closure testing and oversight of remediation plans to verify sustained control performance.
• Establish KRIs/KPIs (e.g. review cycle time defect rate control test pass rates) and SLAs/SLOs to drive resiliency scalability and stability in the control review process.
• Create transparent traceability for catalog changes including impact assessments decisions evidence and audit-ready artifacts.
• Lead continuous improvement by analyzing feedback and testing results to streamline workflows reduce risk and enhance stakeholder experience.
• Communicate changes to control objectives and procedures to Infrastructure Platforms and coordinate adoption training and feedback loops.

Required qualifications capabilities and skills

• 5 years of experience (or equivalent expertise) in technology risk management information security or related fields with a focus on risk identification assessment and mitigation.
• In-depth knowledge of financial regulations and compliance requirements related to cybersecurity (e.g. GDPR PCI DSS SOX FFIEC).
• Understanding of national/international laws regulations policies and ethics related to financial industry cybersecurity.
• Proficient in data security risk assessment and reporting control evaluation/design/governance with a proven track record of implementing effective risk mitigation strategies.
• Demonstrated ability to influence executive-level decision-making and translate technology insights into business strategies for senior leaders.
• Working knowledge of infrastructure platforms (compute storage network middleware) and cloud architectures and their control requirements.
• Experience designing testing and evidencing controls aligned to recognized frameworks (e.g. NIST CSF ISO 27001 CIS Controls SOC 2).
• Fluency in Agile product management practices including backlog management user story creation acceptance criteria and iterative delivery.
• Ability to build dashboards/metrics that convey control effectiveness cycle time and risk posture to stakeholders.
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives.

Preferred qualifications capabilities and skills

• AI prompt engineering experience to enhance stakeholder engagement documentation quality and process efficiency.
• CISM CRISC CISSP CISA or similar industry-recognized certifications preferred.
• Hands-on experience with security testing simulations or tabletop exercises.
• Familiarity with coding or scripting data analytics cybersecurity controls cloud control design and/or distributed technologies.
• Advanced knowledge of the product development life cycle service design and data analytics.
• Experience automating control evidence collection and testing (e.g. via APIs or scripts) to improve control reliability and repeatability.
• Strong data visualization and communication skills to convey complex risk and control information clearly.