Job Description The Technology Risk Assessment & Control Evaluation (TRACE) function is a central part of the Cybersecurity and Technology Controls (CTC) organization. As part of this function, we aim to effectively identify, monitor, evaluate, and manage the firm's Technology and Cyber risks and controls, also including operational losses, material risk, regulatory changes, etc. in support of the firm's strategic plan. We develop comprehensive processes to monitor, assess, and manage the risk of expected and unexpected events that may have an adverse impact on the firm. Effective coordination with executive management, business units, control departments and technology are critical for success. The ideal candidate will have solid experience in technology risk & controls, assessment experience, and a proven track record in working on complex processes and technology projects.
Key Responsibilities:

• Lead the design, development, and implementation of Governance Framework for controls' measurement and assessment approach
• Lead governance oversight for engagement with Global Technology Policies and Controls function to monitor changes in the Global Technology Control Catalogue
• Lead execution of assessment change management process, impact analysis, and drive associated actions
• Collaborate with the Assessment Onboarding team, Control Owners, product and engineering team to define and develop or uplift control assessment approach for technology controls and data driven assessments, ensuring feedback from the Assessment team is referenced, where applicable
• Manage engagement between assessment program teams and Control Owners to ensure appropriate control measurements and assessment approach are in place while closely collaborate with the Assessment Onboarding team in the prioritization of control assessment onboarding for control domain functions
• Develop and maintains strong business and technology relationships, becoming a trusted partner with Global Technology Policies and Controls function, Control Domain function members, LOB Information Security Managers and Assessment and Assurance Program teams
• Communicate assessment change management progress with key stakeholders, develop recommendations and best practices, and provide accurate metrics and management reports on a timely basis
• Ownership and oversight of Technology Risk Assessment & Control Evaluation program Standard Operating Procedures, which provides guidance for the Assessment team on how to execute the firm wide technology risk assessment program. Closely partner with the Assessment team and other Global Technology functions for ongoing improvement of the assessment guidance and evaluation approaches.
• Responsible to support and help drive the control evaluation methodology and framework within Cyber and Technology Controls function

Basic Qualifications:

• Bachelor's degree or equivalent experience
• Minimum of 5-7 years of technology risk and controls experience, risk-based consulting, risk assessments, audit and/or regulatory activities.
• Deep knowledge and prior experience in controls evaluation all technology control domains
• Experience with implementation and oversight of technology risk and controls, coordination of activities for key stakeholders and assessing an IT control environment
• Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver
• Experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients

Preferred Skills:

• Experience with Internal and External Audit is a plus
• Working knowledge of GRC technology & controls monitoring concepts in order to interact with technology product owners
• Experience operating in environments that are heavily governed under compliance, regulatory, or risk reduction controls
• Experience with Agile and the ability to work with at least one of the common frameworks
• Excellent organizational skills with experience in working in a Global Organization is preferred
• Strong communication skills - both verbal and written
• Excellent reporting skills - Excel and other reporting tools
• Experience working with geographically dispersed and culturally diverse teams, often in a virtual environment
• CISA, CIA, CRISC or other industry-recognized risk and risk certifications preferred

About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.