Technology Operational Risk Vice President - GCP in London

Join a dynamic team and be at the forefront of innovation, working with cutting‐edge technologies to shape the future and drive transformative outcomes. As a Technology Operational Risk Manager – Vice President within the CCOR Technology & Cybersecurity ("CCOR Tech & Cyber") group, you will provide independent oversight of technology and cybersecurity operational risk management practices across Lines of Business (LOB), with a strong focus on cloud technology, and technical risk assessments.

You will be responsible for reviewing and assessing the governance of risks, processes, and controls, and for identifying risks inherent in JPMorgan Chase's technology environment – including both on-premises and cloud-based platforms. In this role, you will participate in technical risk assessments, review threat models for critical systems and cloud solutions, and ensure comprehensive identification and mitigation of potential vulnerabilities.

You will engage with technology teams to gain a deep understanding of the technology and control environment, including cloud architectures and security controls, and provide credible challenge on significant technology events and incidents. You will evaluate the effectiveness of risk management frameworks, policies, and procedures, ensuring they incorporate cloud‐specific risks and align with industry best practices and regulatory requirements.

Additionally, you will assess third‐party risks, particularly those associated with cloud service providers, and work with relevant stakeholders to recommend adjustments to meet JPMC policy and regulatory standards. Your expertise will be leveraged in technology governance forums, where you will provide subject matter expertise as it relates to the oversight of cyber and technology risk management associated with the International Consumer Bank (Chase UK).

Job Responsibilities

• Perform oversight of operational risks through targeted assessments of global and regional technology/cyber security processes for the International Consumer Bank (Chase UK), with a particular focus on cloud technology architectures, deployments, and associated risks.
• Oversee and participate in the execution of technical risk assessments, including the development and evaluation of threat models for critical systems and cloud‐based solutions, ensuring comprehensive identification and mitigation of potential vulnerabilities.
• Participate in assessment of emerging risks as part of strategic business risk reviews, analysis of regulatory and market developments, New Business Initiative Approvals, and review of external operational risk events.
• Stay abreast of current technology trends, vulnerabilities, and emerging technologies. Continuously monitor advancements in cloud platforms and services, and integrate cloud‐specific risk considerations into continuous oversight and risk assessments of the International Consumer Bank cloud platform.
• Engage with technology teams to gain full understanding of the technology and control environment that support this business, including hands‐on engagement with cloud infrastructure, security controls, and threat modelling practices.
• Understand third party risks as related to specific technology area of expertise, with emphasis on cloud service providers and their security postures.
• Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls.
• Apply technical risk assessment methodologies to both on‐premises and cloud environments, recommending any adjustments required to meet JPMC policy, regulatory requirements, and industry best practices.
• Participate in technology governance forums, providing subject matter expertise on cloud security, threat modelling, and technical risk assessment processes.
• Review significant events where technology is a factor and provide credible challenge, specifically evaluating incidents involving cloud platforms, threat actors, and technical control failures.

Required qualifications, capabilities, and skills

• BS/BA degree in computer science or equivalent experience.
• Relevant experience in cybersecurity or engineering roles.
• Deep and broad understanding of cybersecurity and technologies, and associated risks.
• Deep knowledge of cloud computing, including hands‐on experience with Google Cloud Platform and Amazon Web Services specifically.
• Subject matter expert in areas such as networking, identity management, access management, artificial intelligence, software development and cybersecurity.
• Excellent communication skills, experience preparing formal written documentation. Attention to detail, clear and concise writing, can translate complex technical information into understandable language for regulators.

Preferred qualifications, capabilities, and skills

• Professional cloud certifications such as AWS Certified Security Specialty and Google Professional Cloud Security Engineer.
• Knowledge of cloud infrastructure and hybrid implementations, experience with cloud security posture management and data security posture management tools.
• Ability to assess controls, identify vulnerabilities and access control weaknesses.
• Certified Ethical hacker.
• Software development experience and risks associated with the software supply chain.
• Professional Certifications in Cyber and Information Security Risk from ISACA or ISC2.