Apply Now    

Technology Risk Assessment Lead

Req #: 170096851
Location: Brooklyn, NY, US
Job Category: Technology
Potential Referral Amount: 3000 US Dollar (USD)
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Technology Controls Program and practices’ purpose is to ensure the security and resiliency of the Firm’s computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
IT Risk and Controls:  Oversight and governance of IT Risk across the firm including IT Risk posture, IT Risk assessment framework, IT regulatory compliance and IT policies and standards. In responding to this growth the Global Technology Controls Office (GTCO), is responsible for delivering a well-controlled, resilient, compliant and secure technology environment through proactive risk and controls management and an embedded self-sustaining controls culture.  As a 1st Line of defense function GTCO work in partnership with our businesses to deliver continuous improvement of our technology controls environment.  GTCO provide the framework, methodology, tools and expertise to help design and embed a robust world class controls environment. In addition, we provide the necessary oversight and continuous assessment of Global Technology’s risk and controls profile.
Role Description
This role is responsible for evaluating the technology risk of existing and emerging technologies and applications in use across the bank, becoming a subject matter expert in the Application & Technology Risk Assessment Program.    They will be a point of contact for identifying people, process and technology gaps in the application risk assessment program or supporting systems and escalating to management as necessary. The candidate will also identify opportunities to improve how risk and controls are evaluated & develop creative solutions for mitigating risk and improving controls.
The role is also responsible for ensuring that the tools and processes used to assess the control environment globally across all JPMC lines of business (LOBs) are defined and operated in line with expectations. This person will play a crucial role in defining process and tools requirements and need to be capable of managing business expectations and commitments across global stakeholders from all LOBs. The individual in this role will also help to analyze firm wide control trends.
The program’s stakeholders come from each Line of Business within the Technology Control Organization as well as Central Technology Governance groups. Maintaining relationships with all stakeholders is crucial to ensuring this role can support the delivery of the program’s agenda.
  • Drive continuous improvement of the global technology risk assessment processes, liaising with management and subject matter experts to understand and execute best in class risk practices.
  • Manage program governance and ensure Line of Business adoption falls within the program’s expectations by acting as the direct liaison with the Global LOB stakeholders in order to drive the program forward.
  • Identify and assess complex security risks and control, and relate them to the business environment, proposing opportunities for efficiency and assessment effectiveness within the risk assessment process and drive changes through influencing stakeholders.
  • Influence decisions and gain consensus by establishing a strong collaborative relationship with all Line of Business stakeholders in order to effectively drive program governance and framework changes across the firm
  • Must be able to effectively communicate program, application and framework changes to Line of Business stakeholders. Driving compliance to adhere to best risk management practices throughout the organization
  • Work with Global Standards and Procedure owners to ensure the controls frameworks accurately reflect / assess the firms continuously developing control objectives
  • At least 3-5 years of experience in the following fields: information risk management, information security management, risk assessments, vulnerability management practices, operational risk, IT control environments
  • At least 2-3 years of experience in technology and cyber security and in the management of risk frameworks and controls.
  • Experience executing and improving an Information Security assessment process. This would include security design, security architecture and implementing information security measures.
  • Experience working with a global team is a must
  • Ability to develop strong client and working relationships with the team is a must
  • Ability to be flexible, follow tight deadlines, organize and prioritize work
  • Clear, concise, and confident communicator (written & verbal)
  • Strong Project and Change Management Skills
  • Comfortable changing direction as senior management priorities shift
  • Experience with the Agile development methodology including writing stories and acceptance criteria preferred
  • Business Intelligence Reporting and visualization Tools Knowledge such as Cognos and QlikView/QlikSense preferred
  • Working knowledge of SQL preferred
  • Working knowledge of Splunk and/or Elasticsearch a plus
  • Knowledge of COBIT and ITIL standards desired
  • CISSP certification preferred, ISACA certifications desired (CRISC, CISM, CISA, CGEIT) a plus
  • Knowledge of RSA Archer, Confluence a plus
  • Proven ability to keep abreast of new or developing controls, frameworks, industry best practices,  technologies as well as country specific risks
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Things to note

Sign in to our application system to continue your job search or update your profile.

Current employees sign in here. Contractors sign in here.

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please click here.

Important links

Click here to view the "EEO is the Law" poster.

Click here to view the "EEO is the Law" supplemental poster.

Click here to view our U.S. Pay Transparency Policy.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.