Outsourcing Operational Risk Management Lead Vice President

Bring your expertise to JPMorgan Chase. As part of Risk Management and Compliance you are at the centre of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks and using your expert judgement to solve real-world challenges that impact our company customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box challenging the status quo and striving to be best-in-class.

As an Operational Risk Management Lead in the Compliance Conduct and Operational Risk - Outsourcing & Resiliency team you will help us identify assess and oversee operational risks across the region. You will challenge and support our partners as they deliver the risk and controls framework spotting gaps in control design and execution and driving improvements. You will lead deep-dive reviews on priority topics partner with leaders across technology and business teams and help shape risk strategy and governance. Together we will strengthen controls meet regulatory expectations and build a resilient operating environment.

Job responsibilities

• Own regional 2LOD oversight for Third Party / Outsourcing Risk: Set the regional agenda and provide credible challenge to LOB/CF and Location leads to ensure complete coverage consistent execution and timely escalation of material third party risks.
• Lead independent control assessments and risk opinions: Drive objective evaluations of third party control environments and mitigation plans (design/operating effectiveness where applicable) synthesize conclusions and deliver clear risk positions and recommended actions.
• Drive 1LOD/2LOD alignment and governance outcomes: Chair or steer alignment forums as needed to ensure consistent risk outcomes impact assessments and issue positions across stakeholders for outsourcing and third party risk.
• Coordinate jurisdictional regulatory alignment with Compliance: Translate evolving regional regulatory expectations into practical oversight requirements; partner with Compliance to ensure adherence across CTPO/Global Security and LOB/CF teams and to support regulatory/audit readiness.
• Deliver thematic risk insights and executive reporting: Run thematic analyses using KRIs/KPIs control performance data and issues/incidents to identify trends and emerging risks; communicate regional risk posture hotspots and decisions required to senior stakeholders.
• Advance the TPRM program operating model: Identify prioritize and execute program enhancements that improve transparency consistency and efficiency (e.g. standards playbooks measurement and reporting) with demonstrable impact to risk outcomes.
• Build senior stakeholder partnerships and influence decisions: Partner effectively across Technology Risk Legal Controls and Compliance; influence outcomes through strong communication relationship management and negotiationespecially where priorities conflict.
• Contribute to the development of AI-enhanced risk monitoring capabilities partnering with technology teams to drive LLM-based capabilities

Required qualifications capabilities and skills

• Bachelors Degree in Information Security Computer Science or other related disciplines
• Minimum 8 years in financial services or multinational corporations (MNCs) in roles related to risk management resiliency outsourcing program management or controls-focused areas.
• Self-starter with the ability to work independently frame complex problems clearly and identify creative solutions.
• AI/ML enablement for risk: Experience using AI models and driving value from them required
• Demonstrated experience assessing third party risk and controls performing due diligence/control reviews and providing effective challenge and risk recommendations.
• Proven 2LOD third party / outsourcing risk leadership: Experience forming risk views challenging 1LOD and driving closure on control gaps and material risk issues across multiple stakeholders.
• Strong governance execution: Ability to establish decision forums drive alignment document outcomes and ensure follow through across lines of defense and regions.
• Regulatory and audit-ready mindset: Demonstrated partnership with Compliance and capability to operationalize jurisdictional requirements into sustainable oversight practices and evidence.
• Thematic analytics & risk storytelling: Ability to turn metrics and control/issue data into prioritized insights and crisp executive narratives (what changed why so what now what).
  Technology risk depth for third party oversight: Strong command of cyber data protection and resiliency/BCP with practical ability to assess third party architecture resilience (cloud shared responsibility; HA/DR patterns).
• Executive-level communication and stakeholder influence: Confident concise communicator with the ability to negotiate and drive decisions with senior stakeholders.
• Demonstrated ability to work effectively in cross-functional teams and drive initiatives to completion in a complex matrixed organization.

Preferred qualifications capabilities and skills

• Domain Expertise: Specific expertise in third party risk management sourcing & procurement operational risk and control management is highly desirable.
• Hands-on dashboards / automation: Building automated reporting and monitoring solutions (vs. only consuming analytics).
• Deep cloud engineering expertise: Advanced architecture specialization beyond assessment needs.
• Day-one familiarity with specific regional regulators/regulatory guidelines (e.g. MAS/HKMA/OJK/BNM)
• Data-Driven Risk Analysis: Ability to analyze risk concentration areas and risk profiles by integrating and interpreting data from both internal and external sources enabling comprehensive assessment of residual risk posture.
• Complex Data Management: Experience working with large complex datasets and generating actionable reports to support risk management and decision-making.
• Analytical & Problem-Solving Skills: Strong written verbal and analytical skills with a demonstrated ability to solve complex problems and synthesize insights for stakeholders.
• Influence & Communication: Proven ability to communicate effectively and influence management at all organizational levels including external regulatory bodies.
• Strong knowledge of technology and outsourcing risk management frameworks regulatory requirements and industry standards (e.g. Basel NIST ISO 22301) including APAC-specific regulations.
• Professional certifications such as CISM CRISC CISSP CBCP or equivalent.