Tech Risk and Controls Lead(IT Audit)

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence driving innovation in risk management.

As a Tech Risk & Controls Lead at JPMorganChase within Cybersecurity Technology and Controls you will evaluate delivery quality and integrity across a range of Global Technology Control Assessments including SOX SOC PCI FedRAMP and other regulatory frameworks. You will provide subject matter expertise and technical guidance to technology-aligned process owners ensuring controls are operating effectively and in compliance with regulatory legal and industry standards. By partnering with Service Leads Business Control Managers and Regulators you will help report a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles will enable you to drive innovative solutions and manage a diverse team in a dynamic risk landscape.

You will help define and implement best-in-class assessment methodologies and practices. This role is ideal for professionals with significant experience in audit risk or compliance who are looking to make a strategic impact through leadership and innovation.

Job responsibilities

• Lead and execute comprehensive independent evaluations of control and compliance assessments across all phasesplanning execution and reportingensuring accuracy reliability consistency and compliance throughout.
• Operate independently to document assessment results with clear workpapers findings improvement opportunities and remediation actions.
• Oversee and perform testing of GTCA controls and processes ensuring assessments are based on verified evidence and aligned with assessment methodologies and practices to address all relevant regulatory requirements risks and controls.
• Present review progress key insights and strategic recommendations to senior leadership and governance committees.
• Proactively identify manage and mitigate delivery risks by addressing potential obstacles and implementing contingency strategies to sustain program momentum.
• Foster a culture of continuous improvement and operational excellence providing training and driving innovation in methodologies and processes.
• Leverage your expertise in assurance and review methodologies to ensure methodological rigor consistent application of standards and thorough review and validation of deliverables.
• Review assessments and reports to validate they are completed on schedule based on verified data and address relevant regulatory requirements risks and controls.
• Evaluate ongoing improvements to processes and tools and verify that team members are well-trained and knowledgeable about current regulations and assessment practices.
• Ensure assessments are objective transparent and ethically conducted maintaining confidentiality and data privacy and compliance with all relevant laws regulations and internal policies.

Required qualifications capabilities and skills

• Formal training or certification on security concepts and five years of experience in IT risk audit compliance or control assessment including at least three years of internal or external audit experience leading reviews and managing stakeholders in large financial institutions.
• Proven ability to lead projects and teams manage multiple assessment reviews and collaborate effectively across functions in complex environments.
• Exceptional written and verbal communication skills with the ability to translate complex technical and regulatory information into clear actionable messaging for diverse audiences including senior leaders stakeholders and clients.
• Detail-oriented with strong documentation skills and a demonstrated ability to learn and apply new concepts quickly.
• Skilled in critical thinking root cause analysis and structured problem-solving to drive continuous improvement.
• Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.
• Strong background in information security IT General Controls risk and control frameworks and regulatory compliance including hands-on experience with SOX SOC PCI and regulatory technology assessments.

• Growth mindset with the ability to drive strategy and execute at scale.

Preferred qualifications capabilities and skills

• CISA CIA CPA CISSP or similar industry-recognized risk certifications are preferred.

#CTC