Firmwide Technology Resiliency: Controls Lead

Join our team to play a pivotal role in mitigating risks and improving how we govern the Firmwide Technology Resiliency space.

As a Controls Lead in Firmwide Technology Resiliency (FTR), you will be responsible for executing the multi-year transformation of the FTR Control framework, including the redesign of controls, standards, and control procedures, to strengthen operational resilience and ensure alignment across risk, metrics, and governance.

You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Cybersecurity Technology & Controls' Governance Risk & Controls Teams, FTR Subject Matter Experts, Lines of Businesses, and more, you will contribute to executing a comprehensive view of technology risk posture and its impact on the business. Your advanced expertise in technology controls and risk management will empower you to drive innovative solutions, oversee the enhancement of resiliency standards and procedures, and effectively lead a large, impactful project in a dynamic and evolving risk environment.

About Firmwide Technology Resiliency:

Firmwide Technology Resiliency is a part of the Cybersecurity & Technology Controls team and the Firmwide Resiliency Office (FRO). Our mission is to ensure JPMC technology can effectively withstand disruption and maintain business continuity in the face of severe but plausible scenarios.

This is primarily achieved through:

• Definition, adoption, and ongoing monitoring of opinionated technology resiliency principles & requirements
• Execution of continuous, in-depth testing, exercise, and assessment capabilities that identify and mitigate material resiliency risk both internal to JPMC and eternally across critical suppliers, peer firms, and financial market utilities

• Partner with existing FTR teams to execute a comprehensive project plan, ensuring alignment with GT Metrics, CORE, and the greater technology resiliency strategy.
• Collaborate with governance, risk and technology teams across Global Technology and the Lines of Businesses to drive consensus and adoption of enhanced resiliency controls and standards.
• Oversee stakeholder engagement, communication, and change management to ensure successful implementation and firmwide buy-in for new resiliency controls.
• Monitor project progress, proactively identify and resolve risks and roadblocks, and ensure timely delivery of milestones and key deliverables.
• Provide regular updates to executive sponsors and governance forums on project status, challenges, and achievements related to technology resiliency controls.
• Ensure all new controls and procedures are thoroughly documented, auditable, and integrated into GRC platforms such as Archer.
• Champion a culture of continuous improvement and operational excellence in technology resiliency control management.
• Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance

• 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation
• 5+ years of project management/change management experience
• Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements
• Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives

• Demonstrated experience navigating the JPMC current governance structure and/or Cybersecurity and Technology Controls, overseeing a controls uplift (i.e. Archer, TCC, etc.) a huge plus
• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred