Technology Risk & Controls Director | London, UK

Join a role that is central to our technological resilience, offering a unique opportunity to shape the firm’s tech risk strategy and enhance industry compliance. As a Tech Risk & Controls Director in Cybersecurity & Technology Controls, you will play a pivotal role in shaping and implementing the firm’s technology risk management strategy. Leveraging your advanced knowledge and expertise in technology-risk disciplines, you will identify, oversee, and mitigate compliance and operational risks in line with the firm’s standards. You will collaborate with various stakeholders, including Product Owners, Business Control Managers, and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.

Job responsibilities

• Identifies and mitigates compliance and operational risks in line with the firm’s standards.
• Provides subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards.
• Works within the Cyber Security Technology & Controls, Tech Risk & Controls Frameworks Team, in partnership with stakeholders from across Global Technology, leading the global programs to accurately represent and maintain the firm’s complex technology operations within the Corporate Operational Risk Environment (CORE) system.
• Defines and implements the Risk Identification framework, executing it with other Risk Identification partners to ensure identified technology risks are reflected into CORE, which provides the firm’s risk management functions the ability to report, monitor and mitigate emerging risks.
• Consults with technology owners in Product, Engineering and Operations to appropriately model their processes, sub-processes, risks and controls for assessment.
• Ensures technology risk and controls reference data (e.g., risk scenarios, policies, standards, procedures, etc.) is available and aligned for use in CORE, such that assessments are consistent and can be justifiably informed by the performance data gathered from the technology estate (i.e., metrics & measures).
• Consults with senior business control management to ensure technology assessments are aligned and inform business operational risk assessments in a meaningful, actionable manner.
• Collaborates closely with Operational Risk Management to ensure that technology risk and control taxonomies are optimized, and appropriately and effectively describing technology risk.
• Drives and leads change initiatives across the Firm’s Risk Organization (both Technology and Business) to improve the understanding of technology risk.
• Innovates and provides analysis and thought leadership to drive improvement and enhancement to the Firms’ Operational Risk framework, platform and improve the End-to-End Technology Risk Management lifecycle.
• Communicates effectively, influencing and stakeholder management are key aspects of this role, including with senior and executive management.

Required qualifications, capabilities, and skills

• Formal training or certification on technology risk & controls and information risk management fields (e.g., identification of technology risks & effective mitigants, technology risk & controls assessments, associated governance & reporting, etc.) concepts and expert applied experience.
• Advanced experience leading technologists to manage, anticipate and solve complex technical items within your domain of expertise.
• Knowledge of compliance, conduct, and operational risk management frameworks and processes.
• Experience in using common technology controls industry best practice (e.g., from NIST, ISO, ISACA, etc.) frameworks.
• Experience in identifying use cases and business logic for continuous controls monitoring and partnering with product and engineering teams to develop and implement.
• Good working knowledge of technology-relevant financial services regulation (e.g., FFIEC handbooks, etc.).
• Good working knowledge of common & current information technology implementations (additional weight given for familiarity with Public and Private Cloud Implementation).
• Inquisitive nature and comfort challenging current practices; proven track record of driving ideas forward and influencing.
• Adept at developing relationships with senior business executives; reputation for partnering across organization lines to mitigate risks.
• Excellent organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
• Use of work management platform such as JIRA to ensure operational discipline.
• Experience in identifying and using data from large data sets to support enterprise scale initiatives via analytics (such as AI/ML techniques, Alteryx, Tableau).
• Ability to collaborate with high-performing teams and diverse stakeholders to accomplish common goals, including experience working with geographically distributed and culturally diverse colleagues.

About Us

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives. We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs.

About the Team

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.