Job Description The Governance and Control team is a central part of the Cybersecurity and Technology Controls (CTC) department, with primary responsibility to provide robust metrics, data-driven insights, and effective technologies for risk management. We aim to effectively identify, monitor, evaluate, and manage the firm's Technology and Cyber risks - also including operational losses, material risk, regulatory changes, etc. in support of the firm's strategic plan. We develop comprehensive processes to monitor, assess, and manage the risk of expected and unexpected events that may have an adverse impact on the firm. Risk professionals execute critical day-to-day risk management activities, lead projects and contribute to the ongoing advancement of a robust risk management program. Effective coordination with executive management, business units, control departments and technology is critical for success.
As an experienced professional in our cybersecurity organization you will be responsible to drive the control evaluation methodology and frame work in the control room organization within CTC, you won't just be watching over our data - you'll be finding innovative new ways to protect it in the future. To do that, you'll help lead a highly motivated team focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations. You'll use your leadership skills to give guidance, advice on best practices and support our business and technology groups on control evaluations. By taking the lead on incident response, risk reviews, vulnerability assessments and identifying threats, you'll help us deliver cost-effective solutions that put our clients first. You'll deploy best practices, new policies and emerging trends to strengthen our strategic roadmap. By presenting your findings to senior leaders, you'll sharpen your communication and presentation skills. As part of our global team of technologists and innovators, your work will have a critical impact on our company, as well as our clients and our business partners around the world.
On a more granular level, here is some more context into the day-to-day responsibilities:

• Manage firm wide technology risk assessment program (CORE) for a Line of Business (LOB), ensuring proper evaluation of controls, identification of significant control deficiencies.
• Partner closely with Technology stakeholders providing clear direction and guidance during CORE.
• Manage end-to-end control evaluations for control design and control performance evaluations, to validate and ensure proper documentation of evidence in compliance with CORE Program Standards and Procedures.
• Work actively with the Assessment Leads and ISMs to improve technical assessment guidance and evaluation approaches, where appropriate.
• Responsible for CORE Program Reporting consisting of: weekly status reports; monthly updates for control committees; commentary around KRI/KPI issues and long dated or audit identified issues; CORE assessment results and current risk posture; technology triggers and impact to business operational risk.
• Ensure issues management remediation and control re-evaluation in line with CORE Standards & Procedures, consisting of: weekly reporting, tracking, and analysis of trends; issues and related action plans & risk acceptances are timely documented, assigned, and resolved; escalation of non-compliance to senior leadership; assessment stakeholder assignment for control re-evaluation;
• Participate in Technology Control Design Authority working groups to improve our ability to identify operational risk, establish controls with focus on automation for continuous control monitoring, adjust to emerging technology and cybersecurity trends, as well as react to new and unexpected threats.
• Assist with responses to Internal Audit as it relates to assessment program results.

Qualifications:

• Bachelor's degree or equivalent experience
• 10+ years of experience at a large multinational company
• Experience with audit and / or technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients
• Experience with Agile and the ability to work with at least one of the common frameworks
• Excellent organizational skills with experience in working in a Global Organization is preferred
• Strong communication skills - both verbal and written and ability to provide clarity and focus to projects while working with both engineering groups as well as senior management
• Excellent reporting skills - Excel and other reporting tools. Hands on experience working with data and experience in visualization applications such as QlikView or Tableau/ Python
• Experience working with geographically dispersed and culturally diverse teams, often in a virtual environment,
• CISSP, CRISC, CISA or CISM or other industry-recognized risk and risk certifications preferred.
• Financial services industry, or previous history of successfully navigating a highly regulated and matrixed environment a plus.

More About Us:
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Full vaccination is a requirement for this role for new hires joining JPMorgan Chase. Additional requirements include sharing information including your vaccine card in the firm's vaccine record tool and may include mask wearing and social distancing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Note: The requirement to be fully vaccinated to be hired for this role does not apply to roles with a work location in Arkansas, Florida, Iowa, Montana, and Tennessee. For applicants to these roles, JPMorgan Chase will consider all qualified applicants regardless of vaccination status, due to state and local laws.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.