Tech Risk & Controls Senior Associate-PCI

Join our dynamic team to navigate complex risk landscapes and fortify technology governance, making a pivotal impact in our firm's robust risk strategy.

As a Tech Risk & Controls Senior Associate at JPMorgan Chase within the Cybersecurity and Technology Controls, you will contribute to the successful management of technology-aligned aspects of Governance, Risk, and Compliance in line with the firm's standards.

Support comprehensive assessments in line with the PCI Assessment Delivery Services framework to ensure the firm's compliance with PCI DSS requirements.

Leverage your broad knowledge in risk management principles and practices to assess and monitor risks and implement effective controls.

Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm's risk posture.

Through collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards.

Job responsibilities


* Assess and monitor technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices.


* Support implementation of effective controls in collaboration with cross-functional teams and stakeholders.


* Review, and analyze PCI evidentiary documentation, ensuring it meets PCI SSC requirements for quality and suitability.


* Prepare detailed assessment documentation for internal stakeholders and external assessor partners.


* Stay informed about the latest PCI DSS requirements and industry best practices.


* Provide guidance and support to teams on PCI DSS compliance and security measures.


* Collaborate with internal partners to develop and maintain security policies and procedures related to PCI DSS.


* Identify vulnerabilities and provide actionable recommendations to mitigate risks.

Required qualifications, capabilities, and skills


* Formal training or certification on security concepts and 3+ years applied experience.


* Good experience in t echnology risk and controls, risk-based consulting, risk assessments, audit, and regulatory activities, preferably in PCI Data Security Standards.


* Proficient in understanding technical diagrams and software documentation, applying that knowledge to ensure suitability.


* Knowledge of process-focused methodologies for IT-related activities (Change Management, Incident Management, and SDLC).


* IT Risk and Process frameworks: COSO, COBIT, NIST, Cybersecurity Horizontal reviews, ITIL.



* Experience in risk identification, assessment, and control evaluation, with a strong understanding of industry standards.


* Demonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders.


* Proficient knowledge of risk management frameworks, regulations...