
Tech Risk and Controls Director-PCI

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.

As a Tech Risk & Controls Director at JPMorgan Chase within Cybersecurity Technology and Controls, you will be responsible for ensuring adherence to the PCI DSS while driving transformation, automation, and control maturity across all cardholder data environments (CDE) and related technology systems.

As a critical control risk function within the firm, this leader will partner with technology, product, audit, and compliance stakeholders to embed PCI controls at scale, maintain year-round compliance, and reduce regulatory/contractual and reputational risk.

If you are a passionate and driven leader with a strong background in cybersecurity and PCI, we encourage you to apply for this exciting opportunity at JPMC.

Job responsibilities


* Develop and drive a multi-year PCI DSS strategy aligned with enterprise technology modernization (leveraging GenAI tools and engineering-forward processes), regulatory/contractual expectations, and business objectives.


* Serve as the PCI authority across the organization, translating technical and regulatory requirements into executable and auditable programs.


* Lead all phases of the PCI lifecycle, including planning, risk-based assessment execution, evidence management, control validation, compliance reporting, corrective action, and remediation.


* Manage annual and ad-hoc assessments, including self-assessment questionnaires (SAQs), Reports on Compliance (ROCs), and attestation deliverables in partnership with external Qualified Security Assessors (QSAs).


* Establish and maintain a PCI scope governance model leveraging modern tooling such as asset inventory, data discovery, and tagging.


* Chair the PCI steering committee and provide regular updates to executive stakeholders, risk committees, and regulators as needed.


* Build trusted partnerships with LOB leaders, including CIOs, CTOs, BISOs and business application teams, Business Information Security Officers, Infrastructure, Cloud, and Product teams, to ensure control implementation and accountability.


* Build and lead a global PCI team, including compliance analysts and technical program managers.


* Modernize the PCI program with automation, evidence orchestration platforms, self-service attestations, and control-as-code frameworks.

Required qualifications, capabilities, and skills


* Formal training or certification on security concepts and 10+ years of applied experience with PCI DSS and other regulatory frameworks.


* Deep expertise in implementing PCI requirements (v4.0) across large-scale, complex organizations.


* Proficient in designing and implementing security controls for cloud environments (e.g., AWS, Azure, GCP).


* Hands-on experience with security assessment tools, data discovery tools, threat models and penetration testing methodologies.
...



