Technology Controls (TC) delivers streamlined and consistent solutions supporting JPMorgan Chase’s Controls and IT Risk agendas, with a focus on stability, delivery, efficiencies and people. The goal of TC’s drive to standardization, consistency and simplicity is a JPMorgan Chase architecture that fosters long-term productivity, quality and innovation across the entire enterprise. The disciplines within this organization are Oversight & Controls Technology, Identity & Access Management, IT Risk & Controls and Third Party Risk Management.
Technology Control Office (TCO) team supports the Technology Controls Management team to identify, analyze, manage, track, and remediate or mitigate information technology risks. The candidate will set the strategy to accomplish risk agenda in support of businesses and the technology groups providing support. The position will have global impact.
The Technology Control Officer will be expected to assist with influencing effective risk & controls management and providing governance and oversight for businesses through risk consultancy, identification of control weaknesses and recommendations for improvement opportunities, providing training and reporting of risk issues. Responsibilities include understanding the firm’s risk agenda, technology agendas, working with Chief Technology Officers and their management teams to efficiently accomplish both agendas. Also includes some validation of the testing of controls via the Risk & Controls Self Assessment, Application Risk Assessment (ARA) program, supporting Corporate Operational and Technical Risk initiatives, oversight of the relevant testing programs, Privacy initiatives, and other risk related activities.
Duties and Responsibilities include:
- Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups.
- Promote the corporate self-assessment programs (RCSA and ACA) ensuring technology control owners are assessing the technology risk in their environments identifying breaks in their control effectiveness.
- Provide quality assurance (QA) over the self-assessments to ensure they meet corporate compliance.
- Communicate risk and other control findings and develop recommendations for resolution.
- Develop reporting with key, focused messages to enable constituency to understand their risk position.
Ensure that technology control issues and gaps are documented clearly and that realistic remediation plans are developed to address them, as well as investigating and resolving control incidents.
- Support of Operational Risk initiatives ensuring compliance with corporate policy and regulations.
- Interface with application development (AD) teams on an on-going basis for BAU risk activities as well as project initiatives.
- Understand technology from a strategic perspective as it relates to managing risk in the organization.
- Partner with TC Third Party Oversight (TPO) teams to ensure effective risk management of vendors engaged by technology partners.
- Partner with line of business Third Party Oversight (TPO) teams to ensure effective risk management of vendors engaged by technology partners.
- Provide technical risk project consultancy for technology teams rolling out new products in the firm so that they are secure from the start and fully compliant with the firms risk policies and standards.
- Interface with the line of business Oversight and Control teams to ensure technology risk impacting the business is effectively tracked and documented.
- Escalate issues to senior management as warranted.
- Partner with Identity & Access Management and Technology Resilience teams to ensure effective risk management.
- Offer controls advisory to regional stakeholders.
- Collaborate with line of business / location Technology Control Officers.
- Manage any other assigned duties as required.
- Bachelors degree or equivalent experience required, ideally in a business or financial discipline.
- 7+ years of work experience in Information Risk & Security domains.
- 5+ years hands-on experience in application development and/or infrastructure support.
- Project management experience.
- Experience with Phoenix/FORCE or ITRC application is a plus.
- Knowledge of Corporate Risks, IT Controls and other regulations.
- Proficient in MS Office (Word, Excel, Access, and Power Point).
- Excellent oral and written communication skills.
- Ability to deliver high quality results under tight deadlines.
- Attention to detail.
- Ability to work independently as well as in a team environment, demonstrating creativity and an ability to check work conscientiously for errors and make decisions based on priorities, time constraints and risks.
- Experience writing professional documents both for internal and external purposes as well as being comfortable with presenting to senior leadership and often delivering a tough message.
- Strong analytical background and technical skills with the ability to assess and communicate the operational, technical, and financial impact of risk findings and control issues.
- Sound understanding of regional regulatory requirements such as MAS TRM.
J.P. Morgan is a place for talented people from all backgrounds and perspectives because our clients come from all backgrounds and perspectives. We encourage a culture of inclusion, where everyone's opinion counts and all employees have the freedom to deliver their absolute best. This is why we work hard and invest in attracting and developing a diverse workforce. Learn more about our Business Resource Groups in how they help our employees build successful careers and reach their greatest potential.