Tech Risk Assurance Lead

The Cybersecurity and Technology Controls (CTC) organization's objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure.

The scope of Cybersecurity includes detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat.

We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.

The CTC Business & Technology Resiliency Lead will drive the design, development, execution, and maintenance of business impact assessments, technology and business resiliency and recovery plans for operational resilience across Cybersecurity and Technology Controls (CTC) to ensure critical business processes remain available during a disruption.

Ensuring that resiliency is designed across the life cycle of applications, thereby driving the timely and successful execution of the Recovery and Resiliency strategy.

Work closely with peers from the Cybersecurity Line of Business, Technology, and Firmwide governance to continue to drive best-in-class resilient applications.

Job Responsibilities:


* Champion the CTC Resiliency team, representing the organization in stakeholder engagements.

Develop, execute, and maintain business impact assessments, resiliency plans, and technology recovery strategies for critical business processes and applications.


* Identify and deliver on opportunities to strengthen resiliency through scrutiny of plans, open communication and by driving solutions with team members and function owners.

Partner with product leads to create and maintain resiliency documentation.


* Plan, execute, and coordinate resiliency tests (Recovery Strategy, Application and MEPC) as required by regulatory authorities and designated objectives and standards (e.g., tabletop exercises, and threat-informed scenarios) (e.g., plan remediation, testing requirements, reporting).


* Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work.


* Monitor control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance.

Monitor non-compliance and partner with application and governance team to work time-sensitive remediation steps.


* Support crisis management events, ensuring effective communication and coordination across all levels of the organization.


* Work closely with technology, business, and governance partners to identify risks, define recovery objectives, and map dependencies, including those related to cloud and distributed technologies.


* Develop and maintain robust relationships, becoming a truste...