Job Description As part of the Global Technology Assessments & Assurance team, the Gramm-Leach-Bliley Act (GLBA) Program Lead is responsible for managing the GLBA program on behalf of the firm. The individual will act as a Subject Matter Expert on assessment design and strategy for the GLBA program and work closely with functions throughout the organization to ensure program results are captured and reported on within regulatory expectations. The ideal candidate will have solid experience in technology risk & controls, compliance, regulatory or audit assessment programs and a proven track record in working on complex process and technology projects.
A successful candidate will drive an effective assessment program and execution strategy across technology controls while responding to strategic initiatives throughout Global Technology with innovative assessment approaches. The individual will demonstrate ability to travers a complex ecosystem with engagement of all lines of defense and senior management to provide appropriate oversight of programs under their direction.
Key Responsibilities:

• Oversees IT Cybersecurity & Privacy management assessment programs (e.g., GLBA) for Corporate Technology within firm Standards & Procedures in accordance with methodology
• Works with functional leads & control owners on assessment approach for business, operational and technology functions
• Subject matter expertise of the GLBA program, and other Cybersecurity & Privacy Assessment programs, and an ability to communicate requirements to senior leaders
• Creation of Board level GLBA reports which demonstrate firmwide risks to the GLBA requirements
• Provide guidance on remediation activities as it pertains to Corporate Technology Cybersecurity & Privacy issues, ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure verification process
• Regular partnership & audit engagement with internal and external auditors
• Develop and maintain strong business and technology relationships, becoming a trusted partner
• Communicate risk and other control findings with key stakeholders, develop recommendations and provide accurate metrics and management reports on a timely basis

Qualifications
Candidates must have a minimum 5-7 years of technology risk and controls experience, risk based consulting, risk assessments, audit and regulatory activities, preferably in the Cybersecurity & Privacy regulatory area.

• Bachelor's degree in Computer Science, Management Information Systems, Accounting Information Systems, or a related field. Experience within financial services areas is preferred
• Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment
• Analytical skills to understand large data sets to inform assertion statements for compliance with regulations or frameworks
• Ability to present large volume of data in executive level reports, including Board level
• Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization and influence without authority
• Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver

About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.