AI Compliance, Conduct and Operational Risk - Executive Director in London

Bring your expertise to JPMorgan Chase. As part of Risk Management and Compliance, you are at the center of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.

As an Executive Director in Data and AI Compliance, Conduct and Operational Risk (CCOR), you will provide second line of defense (2LoD) independent oversight across the Chief Data & Analytics Office (CDAO) Product and Platform organization, with a focus on Data/AI platforms, model ingestion and onboarding, agentic systems, and external AI services. You will develop and execute targeted review strategies across the AI technical supply chain—data flows, integrations, access controls, logging/traceability, and data residency—ensuring products and platforms operate within the firm’s risk appetite and align to regulatory expectations.

Your role will report to the Head of AI, CCOR, and provides independent 2LoD oversight across the CDAO Product & Platform data and AI portfolio, spanning internally built products and third-party/SaaS capabilities (e.g., data access and connectivity, governance/lineage/metadata, model development and notebooks, model serving, agentic capabilities, and managed data/AI platforms). You will assess whether risks are appropriately identified and controlled throughout the product lifecycle (including logging/traceability, data residency, third-party risk, access/entitlements, and human-in-the-loop safeguards where applicable), challenge and influence teams to remediate gaps, and escalate through governance channels or other mechanisms when needed to achieve acceptable risk outcomes.

Job Responsibilities

• Provide strategic guidance and proactive 2LoD oversight through targeted assessments of CDAO Product & Platform governance, processes, and control environments across the data and AI portfolio.
• Apply technical architecture expertise to challenge how data/AI services are designed and consumed (e.g., APIs, managed services, model gateways, identity and access patterns, orchestration layers), with a focus on secure control points and end-to-end auditability.
• Drive first line accountability for defining and reporting meaningful KRIs and control evidence (e.g., logging/traceability, data residency adherence, third-party dependencies, exception trends), and challenge content, quality, and outcomes as needed.
• Serve as an independent challenger for third-party/SaaS and managed AI platforms, validating risk and control expectations for data sharing/egress, vendor usage constraints, and operational resilience.
• Oversee governance for GenAI and agentic systems (including tool-enabled assistants and external model integrations), ensuring proportionate guardrails, least-privilege access, human oversight where required, and defined stop/containment mechanisms.
• Provide 2LoD oversight of foundational data governance products (inventory/CDE, metadata, lineage, catalog, data quality), ensuring they enable compliant data use and support obligations such as BCBS 239 across CDAO Product & Platform.
• Influence and reinforce right risk behaviours within Product & Platform teams by requiring appropriate SME engagement, clear ownership, timely remediation, and consistent follow-through to closure.
• Stay current on evolving AI regulations and AI risk frameworks and translate them into actionable oversight expectations, review checklists, and audit-ready documentation.

Required qualifications, capabilities and skills

• Significant relevant experience in (a) data/AI product and platform delivery with strong control-by-design practices, or (b) risk/governance oversight across data/AI and cloud with demonstrated independent challenge.
• Demonstrated ability to operate with credible challenge and strong governance discipline (e.g., driving first line ownership, reviewing evidence, documenting risk positions, and escalating issues to resolution), while collaborating effectively with senior stakeholders and partners.
• Demonstrable technical architecture fluency, with experience assessing and challenging designs for data/AI platforms and integrations (APIs and managed services, security gateways, IAM/least privilege, logging/observability, data residency and egress controls).
• Strong understanding of AI/LLM capabilities and risks across the lifecycle (model onboarding/ingestion, retrieval/RAG patterns, model serving) and associated control points (traceability, access, data handling), including assessing control design and operational effectiveness in fast-changing environments.
• Experience with agentic AI architectures and tool-enabled assistants (e.g., overseeing “Claude Code”-style deployments), including guardrails, access boundaries, traceability, and human oversight appropriate to risk.
• Strong analytical and issue-spotting capability to drive risk decisions.
• Excellent communication and counseling skills (including client-facing experience), with ability to translate complex technical topics into clear risk positions, influence outcomes, prioritise across competing demands, and drive closure on remediation action.

Preferred qualifications, capabilities and skills

• Awareness of evolving AI regulations and AI risk frameworks, with ability to translate them into practical governance, controls, and operating model requirements (e.g., EU AI Act, NIST AI RMF; familiarity with NIST/ISO is beneficial).
• Experience in a regulated environment is preferred (including roles within major cloud/service providers supporting regulated customers).