Tech Risk Assurance Lead

The Cybersecurity and Technology Controls (CTC) organization's objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity includes detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.

The CTC Business & Technology Resiliency Lead will drive the design, development, execution, and maintenance of business impact assessments, technology and business resiliency and recovery plans for operational resilience across Cybersecurity and Technology Controls (CTC) to ensure critical business processes remain available during a disruption. Ensuring that resiliency is designed across the life cycle of applications, thereby driving the timely and successful execution of the Recovery and Resiliency strategy. Work closely with peers from the Cybersecurity Line of Business, Technology, and Firmwide governance to continue to drive best-in-class resilient applications.

• Champion the CTC Resiliency team, representing the organization in stakeholder engagements. Develop, execute, and maintain business impact assessments, resiliency plans, and technology recovery strategies for critical business processes and applications.
• Identify and deliver on opportunities to strengthen resiliency through scrutiny of plans, open communication and by driving solutions with team members and function owners. Partner with product leads to create and maintain resiliency documentation.
• Plan, execute, and coordinate resiliency tests (Recovery Strategy, Application and MEPC) as required by regulatory authorities and designated objectives and standards (e.g., tabletop exercises, and threat-informed scenarios) (e.g., plan remediation, testing requirements, reporting).
• Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work.
• Monitor control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance. Monitor non-compliance and partner with application and governance team to work time-sensitive remediation steps.
• Support crisis management events, ensuring effective communication and coordination across all levels of the organization.
• Work closely with technology, business, and governance partners to identify risks, define recovery objectives, and map dependencies, including those related to cloud and distributed technologies.
• Develop and maintain robust relationships, becoming a trusted partner with technologists, assessment teams, and application owners, to facilitate cross-functional collaboration and progress toward shared goals.

• Formal training or certification and 5 years experience in technology resiliency, cloud, infrastructure, or security
• Strong knowledge of network architecture, cyber risk, distributed technologies, and business continuity principles.
• Experience with disaster recovery planning, testing, data analysis, and reporting.
• Familiarity with Infrastructure as Code (e.g., Terraform) and automation tools is a plus.
• Experience with regulatory frameworks (NIST, FFIEC, etc.) and tools such as Excel, JIRA, and Confluence.
• Data Analytics Skills using Excel and other data analysis tools
• Creates and promotes a culture of continuous process improvement with a risk and controls mindset
• Attested track record of working to deadlines, delivering results, with accountability and responsibility for independent workload
• Relationship building and networking across firm's functions and geographies to expand influence, knowledge, and collaboration with senior leadership

• BA/BS Degree or equivalent experience.
• Certifications such as AWS Solutions Architect, CISSP.
• Programming experience (Python, SQL) is a plus.
• Experience working with auditors.
• Familiarity with JIRA, Confluence, Alteryx, Tableau/Qlik.