Join our team to navigate the complexities of technology risk and cybersecurity, ensuring our firm leads with innovation and compliance.

As a Tech Risk Engagement Associate in our Cybersecurity and Technology Controls team, you will contribute to a team that supports the complex regulatory landscape within the firm's risk appetite. Collaborate with internal teams and external authorities to do research on technology evolvement and cyber-related developments. Your experience in data security, risk management, and security governance will enable you to make informed decisions and contribute to the continuous improvement of the firm's risk management practices. Help position JPMorgan Chase as a leader in technology risk management by engaging with stakeholders and clients and ensuring compliance with regulatory requirements.

Job responsibilities

Coordinate onsite examinations, reviews, and requests by regulators covering Global Technology, including Cybersecurity & Technology Controls, Line of Business Technology, and Firmwide Platforms and Products Technology. Provide strategic advice and regular updates to Global Technology senior management regarding the matters being handled, including, but not limited to, the timely escalation and resolution of potential issues. Communicate extensively (orally and in writing) with senior management and develop effective relationships with regulators. Establish and develop effective relationships within Global Technology, including Cybersecurity & Technology Controls, Line of Business Technology, and Firmwide Platforms and Products Technology.  With respect to technology matters, establish and develop effective relationships with Compliance, Conduct and Operational Risk (CCOR); Internal Audit; Control Management; Business Resiliency; Third Party Oversight; Risk; Business; Operations; and Legal.   Work with the relevant personnel in Global Technology and other Corporate Functions to obtain information/documentation to respond to regulatory requests. Review, analyze, and summarize information/documentation responsive to regulatory requests.  Provide feedback and strategic advice regarding responses to regulatory requests. Prepare personnel (and senior management) for meetings with regulators, including drafting written documents and leading internal prep meetings. Coordinate and lead meetings with regulators. Prepare timely meeting summaries and manage follow up requests. Identify mitigating facts and circumstances (as applicable) to respond to issues identified during examinations or other engagements. Prepare substantive written responses to regulatory requests and examination reports. Communicate with the relevant Global Technology personnel regarding regulatory issues, findings by the regulators, and remediation related to those findings.

Required qualifications, capabilities, and skills

2+ years of experience or equivalent expertise in technology risk management, cybersecurity, or a related field Experience in technology and cybersecurity at a large, global financial institution desirable but not required. Experience working with senior management at a large, global financial institution or similar organization is required. Strong organizational skills and an ability to manage multiple demands and changing priorities.  Detail oriented, self-starter with solid prioritization, planning, and time management skills. Sound judgment and an ability to make decisions quickly.  Strong analytical skills to conduct independent research, reach conclusions, and solve problems. Excellent relationship management, influencing, negotiating, and interpersonal skills.  Ability to work effectively with all levels of the organization and balance the needs of multiple functions.  Experience working across Lines of Business, countries, and regions.  Experience working with senior management. Strong oral and written communication skills with an ability to convey information in a clear and concise manner that is comprehensive, accurate, and tailored to the audience, including senior management.

 Preferred qualifications, capabilities, and skills

Knowledge of regulatory requirements and technology risk management processes and related controls. Sound understanding of risk assessment methodologies, internal controls, and industry technology risk management frameworks such as the Cyber Risk Institute (CRI) Profile, NIST Cybersecurity Framework, ITIL, COBIT, and ISO 2700 desirable, but not required Experience with applying principles outlined in regulatory guidance, including but not limited to, U.S. Regulatory Guidance in the Federal Financial Institutions Examination Council (FFIEC) Technology Handbooks Bachelor's Degree, or a similar degree.