Technology Risk & Controls, Governance & Controls Management’

Technology risk and controls opportunity within a new and exciting part of the Strategic Growth Office

As a Technology Risk & Controls Framework Manager at JPMorgan Chase within the Cyber Security team, you will play a critical role in advancing the firm’s framework for managing technology risks and controls. This role requires a combination of in-depth expertise and highly effective organizational skills, and is critical to the overall success of the Information Risk Management program.

While we’re looking for professional skills, culture is just as important to us. We understand that everyone's unique – and that diversity of thought, experience and background is what makes a good team, great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference – on us as a company, and on our clients and business partners around the world.

You will work closely with various partners across the firm, including colleagues in CTC, Enterprise Technology product & engineering, Technology Risk and Controls, and Technologists in our Businesses and Corporate Functions. Your ability to work effectively with a diverse set of stakeholders is essential.

Job Responsibilities:

• Support the definition and maintenance of the technology risk and control environment for the line of business.
• Perform ongoing program updates to accurately represent and maintain the firm’s complex technology operations within the Compliance Operational Risk Evaluation (CORE) system.
• Assess the effectiveness of technology controls against requirements and policy statements.
• Consult with technology owners in Product, Engineering, and Operations to appropriately model their processes, sub-processes, risks, and controls for assessment.
• Collaborate closely with Operational Risk Management and Business Controls Management to ensure that technology risk and control taxonomies are optimized.
• Drive and lead change initiatives across the Firm’s Risk Organisation to improve the understanding of technology risk.
• Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment.

Required Qualifications, Capabilities, and Skills:

• Proven experience in the technology risk & controls and information risk management fields.
• An understanding of Enterprise Risk Management practices in a technical environment.
• Technical and operational understanding of financial services regulations.
• Experience in using common technology controls industry best practice frameworks (e.g., NIST, ISO, ISACA).
• Technical Understanding of Cloud and on-prem computing (Public/AWS/GCP, Private, Hybrid).
• CISSP (Certified Information Systems Security Professional), CISM ( Certified Information Security Manager or equivalent experience.
• Strong organizational, project management, and multi-tasking skills.

Preferred Qualifications, Capabilities, and Skills:

• Ability to plan, develop content and host Technical Control Forums
• Self-motivated and self-starter with a high desire to learn and teach others
• Strong ability to perform Root Cause Analysis
• Proven ability to thrive under tight deadlines and excel in fast-paced environments
• Knowledge of various Cyber & Technology Control domain areas
• Experience in identifying and using data from large data sets to support enterprise-scale initiatives via analytics
• Ability to collaborate with high-performing teams and diverse stakeholders to accomplish common goals