Tech Risk and Controls Lead

The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.

As a Technology Risk and Controls Lead in the cybersecurity and tech controls organisation, you will play a crucial role in identifying, assessing, and mitigating technology risks in line with the firm's standards. You will provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls operate effectively and comply with regulatory, legal, and industry requirements.

• Ensure effective identification, quantification, communication, and management of technology risk, with a strong focus on root cause analysis and recommending resolution actions.
• Develop and maintain robust relationships, becoming a trusted partner with lines of business technologists, assessment teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals.
• Execute reporting and governance of controls, policies, issue management, and measurements, providing senior management with insights into control effectiveness and informing governance activities.
• Proactively monitor and evaluate control effectiveness, identify control gaps, and recommend enhancements to strengthen risk posture and ensure regulatory compliance.
• Provide clear and concise executive summaries of complex technical issues and emerging risks to senior management and stakeholders.
• Support the assessment, monitoring, and reporting of technology risks to ensure compliance with firm standards, regulatory requirements, and industry best practices.
• Analyze complex risk and control issues and recommend risk mitigation strategies based on thorough root cause analysis.
• Document and articulate risks appropriately; collaborate with application teams to raise issues and develop action plans.
• Work closely with application teams to identify threat vectors through threat modelling and support the implementation of mitigation measures.

• Formal experience or equivalent expertise in technology risk management, information security, or a related field, with an emphasis on risk identification, assessment, and mitigation.
• Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements.
• Proficient knowledge and expertise in data security, risk assessment and reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies.
• Good understanding of Software Development Life Cycle (SDLC) pipelines, CI/CD, application resiliency and security, IAM, data protection, and vulnerability management.
• Knowledge of security controls, vulnerability management, and IT control policies related to public cloud environments.
• Demonstrated ability to influence executive-level strategic decision-making and translate technology insights into business strategies for senior executives.
• Strong analytical and problem-solving skills with the ability to interpret data from multiple sources to provide insightful narratives and recommendations.
• Self-starter with the ability to manage own workload effectively without close supervision.
• Ability to develop and maintain strong relationships with global and diverse stakeholder groups.
• Experience supporting audits and regulatory engagements.

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred.