Technology Risk and Controls [Multiple Positions Available]

DESCRIPTION:

Duties: Oversee GT and operational metrics, impacting cyber and tech risk management for business lines, entities, and compliance with regulators, safeguarding JPMC's reputation and integrity.

Develop a framework ensuring metrics are relevant, comprehensive, and aligned with industry standards and regulatory requirements across control domains, including technology development, resiliency, and data protection.

Act as the first line of defense by developing a strategic plan for GT Metrics, aligning with risk management and business objectives, covering controls and risk types for robust global metrics coverage.

Enforce partnerships with second and third defense lines to ensure the metrics program meets stringent risk reporting criteria, fortifying compliance and risk management.

Lead advisory roles with metric owners, providing guidelines and tactical solutions to define metrics' scope and thresholds.

Drive automation of the GT Metrics process, enhancing efficiency, accuracy, and responsiveness in risk management.

Lead collaboration with IT, operations, compliance, and audit teams to ensure an integrated approach to risk management, reinforcing the firm's security posture.

QUALIFICATIONS:

Minimum education and experience required: Bachelor's degree in Electrical and Electronic Engineering, Computer Science and Information Security, or related field of study plus seven (7) years of experience in the job offered or as Technology Risk and Controls, Cybersecurity and Technology Controls, Senior consultant, or related occupation.

The employer will alternatively accept a Master's degree in Electrical and Electronic Engineering, Computer Science and Information Security, or related field of study plus five (5) years of experience in the job offered or as Technology Risk and Controls, Cybersecurity and Technology Controls, Senior consultant, or related occupation.

Skills Required: This position requires five (5) years of experience with the following: Identifying, assessing, and providing recommendations for mitigating risk in Information technology or information security settings.

This position requires one (1) year of experience with the following: End-to-end designing and administrating risk and control metrics across the technology risk metrics lifecycle; Developing and implementing Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), sourcing and integrating data from multiple systems, calibrating metric thresholds based on risk appetite, conducting ongoing performance monitoring, executing breach escalation protocols, and preparing comprehensive reports for technology control forums; Reviewing the effectiveness and utilization of KPIs and KRIs across key technology domains, including Data Protection such as ensuring data confidentiality or compliance, Identity and Access Management such as monitoring secure access controls, Technology Resiliency such as assessing system uptime and recovery capabilities, Vulnerabilit...