DescriptionAs an Vice President - Technology Risk & Controls Lead at JPMorgan Chase within the Cybersecurity & Technology Controls organization, you aim to effectively identify, monitor, evaluate, and manage the firm’s Technology and Cyber risks and controls, also including operational losses, material risk, regulatory changes, etc. in support of the firm’s strategic plan.
We develop comprehensive processes to monitor, assess, and manage the risk of expected and unexpected events that may have an adverse impact on the firm. Effective partnership with our customers -- executive management, business units, control departments and technology functions -- is critical for success. The ideal candidate will have solid experience in CTC controls and a proven track record in working on complex processes and technology projects in a regulated environment.
Our professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm.
Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
Job responsibilities:
- Experienced in Risk Management activities within the Tech Control Assessment Framework
- Partner with Tech Controls’ Assessment Team and conduct independent Risk Management activities on control assessment scope and approach
- Manage and execute Regulatory, Audit and Compliance Engagements, Governance oversight of CTC Product area
- Support requests from Regulatory, Audit and Compliance Engagements impacting the CTC Product function
- Develop and maintain strong business and technology relationships, becoming a trusted partner with Global Technology Policies and Controls function, Control Domain function members, LOB Information Security Managers and Assessment and Assurance Program teams
- Communicate status updates to key stakeholders and senior management
- Provide accurate metrics and management reports on a timely basis
• Support and help drive control evaluation methodology and framework within Cyber and Technology Controls function
Required qualifications, capabilities, and skills:
- Formal training or certification in technology risk concepts and 5+ years applied experience
- Gain experience with audit and/or technology risk assessment processes, and understanding of internal controls, and how they protect the firm and its clients
- Use industry best practice frameworks such as NIST, ISO, and ISACA
- Knowledge and experience with technology-relevant financial services regulations (e.g., FFIEC handbooks, etc.)
- Good working knowledge of common & current information technology implementations
- Strong communication skills – both verbal and written – to tell an effective risk story
- Ability to collaborate with high-performing teams and individuals throughout the firm to influence outcomes and accomplish common goals
- Use data and metrics (e.g., Key Risk Indicators) to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps
Preferred qualifications, capabilities and skills:
- Knowledge and experience Public and Private Cloud technologies
- Experience automating compliance related risk monitoring activities
- CISA, CISSP, CRISC or other industry-recognized risk/audit certifications preferred