Tech Risk and Controls Lead-Governance

Drive technology risk governance and control effectiveness across cybersecurity, partnering with teams to strengthen resiliency and compliance.

Join a team where your expertise helps protect the firm and our customers by strengthening technology risk governance and control outcomes.

As a Governance, Risk and Controls Governance Lead at JPMorganChase within Cybersecurity, Technology & Controls, you will identify, assess, and help mitigate operational and technology risks in line with the firm's standards.

You will provide subject matter expertise and practical guidance to technology-aligned process owners to help ensure controls are designed appropriately, operating effectively, and aligned to regulatory, legal, and industry expectations.

You will collaborate with stakeholders including Control and Product Owners, Application and Site Reliability Engineering teams, and Audit and Regulatory partners to continuously improve the technology risk posture and its business impact.

Job responsibilities


* Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations


* Develop and maintain strong relationships with line of business technologists, assessment teams, and data officers to enable cross-functional collaboration and progress toward shared goals


* Execute reporting and governance for controls, policies, issue management, and measurements, providing senior management insight into control effectiveness to inform governance decisions


* Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance


* Perform control assessments, quality assurance reviews, issue closure testing, and oversight of remediation plans to validate sustained control performance


* Establish key risk indicators, key performance indicators, and key control indicators (for example, review cycle time, defect rate, control test pass rates) and service level agreements/objectives to improve resiliency, scalability, sustainability, and stability of control reviews


* Create traceability for catalog changes, including impact assessments, decisions, evidence, and audit-ready artifacts.

Required qualifications, capabilities and skills


* Formal training or certification on security concepts and 5+ years of applied experience in technology risk management, information security, or a related field, emphasizing risk identification, assessment, and mitigation.


* Familiarity with risk management frameworks, industry standards, and financial services regulatory requirements


* Proven expertise in data security, risk assessment and reporting, and control evaluation, design, and governance, with a record of implementing effective risk mitigation strategies


* Demonstrated ability to influence executive-level decision-making and translate technology insig...