Technology Risk and Controls - Control Review and Governance Lead

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.

As the Infrastructure Platforms Control Oversight Lead at JPMorgan Chase, you lead the end-to-end workflow for reviewing and governing changes to control procedures and control objectives in the Archer catalog, acting as the voice of the customer while embedding robust governance, risk, and compliance. You will develop an intake, impact assessment, approval, and implementation tracking for catalog changes-ensuring Infrastructure Platform owned controls remain resilient, scalable, and aligned to firm, legal, and industry standards. You will also communicate changes to other control objectives and procedures to Infrastructure Platforms and gather feedback. By providing a consolidated view of technology risk posture and full traceability of control decisions, you drive continuous improvement through feedback and control testing and deliver top-tier stakeholder experiences from launch through iteration. You will also perform various QA reviews, risk governance and oversight and control and issue testing.

Job responsibilities

• Own the Infrastructure Platforms control review vision, roadmap, and backlog for Archer catalog changes, from intake through approval and implementation tracking.
• Build and operate a governance process to ensure appropriate reviews, feedback, and sign-offs for control procedure and control objective changes and their impact to Infrastructure Platforms.
• Ensure effective identification, quantification, communication, and management of technology risk, with emphasis on root-cause analysis and actionable remediation recommendations.
• Partner with Product Security, 2LOD, Audit, and Infrastructure Platform leaders to validate control design and operating effectiveness and to align with firm, legal, regulatory, and industry standards.
• Execute reporting and governance of controls, policies, issues, and metrics; provide senior management insights on control effectiveness and risk posture.
• Perform control assessments, QA reviews, issue closure testing, and oversight of remediation plans to verify sustained control performance.
• Establish KRIs/KPIs (e.g., review cycle time, defect rate, control test pass rates) and SLAs/SLOs to drive resiliency, scalability, and stability in the control review process.
• Create transparent traceability for catalog changes, including impact assessments, decisions, evidence, and audit-ready artifacts.
• Lead continuous improvement by analyzing feedback and testing results to streamline workflows, reduce risk, and enhance stakeholder experience.
• Communicate changes to control objectives and procedures to Infrastructure Platforms and coordinate adoption, training, and feedback loops.

Required qualifications, capabilities, and skills

• 5+ years of experience (or equivalent expertise) in technology risk management, information security, or related fields with a focus on risk identification, assessment, and mitigation.
• In-depth knowledge of financial regulations and compliance requirements related to cybersecurity (e.g., GDPR, PCI DSS, SOX, FFIEC).
• Understanding of national/international laws, regulations, policies, and ethics related to financial industry cybersecurity.
• Proficient in data security, risk assessment and reporting, control evaluation/design/governance, with a proven track record of implementing effective risk mitigation strategies.
• Demonstrated ability to influence executive-level decision-making and translate technology insights into business strategies for senior leaders.
• Working knowledge of infrastructure platforms (compute, storage, network, middleware) and cloud architectures and their control requirements.
• Experience designing, testing, and evidencing controls aligned to recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls, SOC 2).
• Fluency in Agile product management practices, including backlog management, user story creation, acceptance criteria, and iterative delivery.
• Ability to build dashboards/metrics that convey control effectiveness, cycle time, and risk posture to stakeholders.
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives.

Preferred qualifications, capabilities, and skills

• AI prompt engineering experience to enhance stakeholder engagement, documentation quality, and process efficiency.
• CISM, CRISC, CISSP, CISA, or similar industry-recognized certifications preferred.
• Hands-on experience with security testing, simulations, or tabletop exercises.
• Familiarity with coding or scripting, data analytics, cybersecurity controls, cloud control design, and/or distributed technologies.
• Advanced knowledge of the product development life cycle, service design, and data analytics.
• Experience automating control evidence collection and testing (e.g., via APIs or scripts) to improve control reliability and repeatability.
• Strong data visualization and communication skills to convey complex risk and control information clearly.

ABOUT US

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

ABOUT THE TEAM

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.

Client-provided location(s): London, United Kingdom, Columbus, OH

Job ID: JPMorgan-210716719

Employment Type: FULL_TIME

Posted: 2026-03-07T19:12:49