Opportunity to shape risk culture and ensure technological safeguards in a dynamic, collaborative environment.

 

As a Tech Risk Assurance Lead in Cybersecurity and Technology Controls, you will lead expert technical risk assurance and control oversight to ensure the firm's products and lines of business achieve their objectives while effectively managing risk. Utilizing your background in technology risk management, you will work with cross-functional teams to identify, assess, and mitigate emerging risks and vulnerabilities. Your tactical and strategic decision-making will significantly impact the firm's operations, financial management, and public image. You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls.

The Data Risk Pillar is responsible for coordinating the organization, framework, program, and approach for JPMC policies, standards, control objectives, risk assessments, monitoring, and aggregated risk reporting associated to the implementation of technology controls aligned to the Data Risk Pillar. Risk Leads provide input into monthly risk reporting, quarterly operational risk reporting, and recurring board audit reporting.  This role engages in areas of technology architecture, technology design, development, and monitoring of global control programs and acts as a liaison between management, lines of business, internal and external audit, and global regulators. Additionally, for Data Management, the individual in this role may have interaction with the firm wide Chief Data & Analytics Office (CDAO) and line of business Chief Data Officers (CDO)

Job responsibilities

Investigate, analyze, document, remediate, track, and report on technology risks and associated controls Design and development of control requirements based on new and emerging technological solutions in a measurable way Collaborate with team members and stakeholders on firm-mandated, cross-LOB, and global audits where the Risk Pillar is engaged Provide strategic drive for engagement efficiency, effectiveness and transparent, measurable, sustainable control improvements, including process enhancements and use of automated data collection techniques Define and proactively monitor Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps Provide leadership and advise on material remediation activities ensuring appropriate resolution of issues, action plans, breaks, and remedies and support the closure verification process Maintain an in depth understanding of the Data Risk Pillar domains consisting of Information & Technology Asset Management, Technology Data Management & Privacy, and Identity & Access Mgmt. Maintain knowledge of Technology Architecture Governance Control Objective, driving requirements for Data Risk Pillar into process Support risk decisions for product roadmap prioritization and control implementations supported by documentation and evidence. Manage the risk profile of aligned products, and translate risks into functional requirements, non-functional requirements and constraints together with the LOB business partners and GT Product Lines Effectively create, maintain and communicate Global Technology Executive Metrics 

Required qualifications, capabilities, and skills

5+ years of experience or equivalent expertise in technology risk management, information security, or a related field Direct experience with IT Asset Management (ITAM), Identity & Access Management (IAM), and/or Data Risk Management (Privacy Risk & Controls) Knowledge of process-focused methodologies for IT related activities (Cloud, Asset Procurement, Asset Maintenance, Asset Lifecycle, Technology Data Management Subject matter expert on technology risk management with complete understanding of IT control policies and industry-standard risk/control frameworks: ITIL, COSO, NIST, PCI-DSS, COBIT, etc. Proven ability to examine, improve and execute the organization's existing processes and procedures for risk assessment Able to review, understand, and rely on technical and software documentation and apply that knowledge into practice Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls Understand and support regulatory engagements primarily aligned to the FFIEC Architecture, Infrastructure, and Operations (AIO) and Information Security handbooks Versed in industry best practices and control guidance provided by NIST, MITR ATT&CK, Data Management Book of Knowledge (DMBOK), and others Ability to prioritize and work under stringent timelines Ability to lead within a cross line of business technology organization, empower people, build rapport, garnering respect and appropriately exercising authority in a collaborative cross-cultural environment