Job Description:

Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.

JP Morgan Chase's (JPMC) Technology Controls Policy establishes the minimum technology controls required to achieve firmwide assurance of information security. The Technology Governance Risk and Compliance (GRC) Control Domain Authority (CDA) is responsible for the end-to-end management and the overall governance with primary responsibility to provide robust metrics, data-driven insights, and effective technologies to support Global Technology (GT) in executing firmwide operational risk management practices. We also aim to effectively identify, monitor, evaluate, and manage the firm's Technology and Cyber risks - including operational losses, material risks, regulatory changes, etc. in support of the firm's strategic plan.

This role requires a wide variety of strengths and capabilities, including:

• Bachelor's degree or equivalent experience
• Strong leadership skills with exceptional communication and presence
• Advanced knowledge of multiple IT control and project management practices and experience working across large environments
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection

At a high level, the responsibilities of the GRC CDA may include:-

• Ensuring an up to date inventory of GRC risk types and the underlying scenarios which may cause them in response to changes in regulations, technologies, processes or threats
• Continuous control design updates to meet new deployment environments, changes in regulations, technologies, or threat scenarios
• Performing annual reviews of the domain policy catalogue, inclusive of the Standards, Objectives and Control Procedures
• Maintaining operational measures and metrics established for key controls within GRC, along with integration with the GT controls assessment process
• Ensuring GRC risk appetite is maintained by conducting analysis of evidence, trends, gaps and risk modelling
• Producing monthly GRC risk profile for domain CDA governance, and chairing domain risk meetings
• Monitoring of domain risk status to drive timely risk escalation, remediation priority/decisions and proper memorialization of decisions
• Single Point of Contact for Technology GRC for second- and third-line of defense reviews, challenges and audits, and regulatory exams

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/Veterans

Apply Now