Job Description IT audit specialist who uses this expertise to manage 3rd party attestation engagements (SOC1, SOC2, ISAE 3402, AT-C 205), including driving readiness across internal/external audit and regulatory exam scopes, ensuring ability to meet the demands of external clients across lines of business. Remediation includes management of audit findings, root cause analysis, regulatory intelligence and change management.
The role requires interaction with various stakeholders including Technology Risk & Controls managers, technology management as well as interfacing with external and internal auditors to help drive global consistency in our approach, execution and reporting across the global technology and technology risk functions. Successful execution of responsibilities requires strong issue identification and management, problem solving, influencing, partnering, and communication skills interacting cross line of business and corporate teams.
Key Responsibilities:
Coordinate with key stakeholders -- including external and internal auditors, technology management, lines of business, various risk functions, operations and program governance teams to:

• Obtain early visibility into potential changes to program scope, facilitating readiness
• Lead proactive readiness- assessments (platforms, tools, applications) to ensure controls are suitably designed and placed in operation, and that appropriate governance is in place to avoid impacts to external audits
• Oversee remedial workstreams, assessing effectiveness of proposed solutions and driving timely and effective solutions to control issues potentially impactful to programs
• Identify and lead x-LOB teams in identifying appropriate response to external auditors with respect to potential and confirmed control exceptions, including identification of relevant compensating controls for deficiencies
• New Reports: Partner with internal business owners, O&C and external auditors to meet client and/or regulatory requirements; taking the lead in report development and readiness.
• Ensure quality standards are achieved in development and maintenance of program documentation
• Communication to key stakeholders to ensure a no surprises environment, and facilitate development, maintenance and delivery of consistent and meaningful reporting and metrics
• Timely reporting on program status to senior management stakeholders
• Develop educational / guidance resources for use by Technology Risk & Controls and Technology personnel
• People leadership, including performance management and development

Key Skills / Qualifications

• Exceptional issue management and exceptions analysis skills
• Solid knowledge of auditing of IT general computer controls and application controls
• Strong program management skills, with proven ability to deliver quality results in a deadline-driven environment
• Minimum of three years of Manager level experience as Consulting firm practitioner ("Big Four" experience a definite plus), performing IT Controls audits, including experience leading planning and execution of SOC and/or SOX audits
• 8+ years' experience dedicated to planning and leading execution of controls attestation engagements
• Confidence and self-assurance in interactions with external auditors and ability to reach across the firm to engage appropriate management, set agendas, lead calls with senior management and drive actions to meet program objectives
• Must be a detail oriented, quality-focused manager; with strong documentation and reporting skills
• A problem solver with proven ability to evaluate processes, controls, identify weaknesses and potential solutions
• Ability to work effectively in a global team environment and drive results in a matrixed organization
• A strong sense of ownership, commitment to quality and attention to detail
• Excellent interpersonal skills - verbal communications, written communications, and track record of collaboration
• Intellectual rigor, emotional intelligence, high energy and a passion for the delivery of high quality project outcomes

About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Full vaccination is a requirement for this role for new hires joining JPMorgan Chase. Additional requirements include sharing information including your vaccine card in the firm's vaccine record tool and may include mask wearing and social distancing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Note: The requirement to be fully vaccinated to be hired for this role does not apply to roles with a work location in Arkansas, Florida, Iowa, Montana, and Tennessee. For applicants to these roles, JPMorgan Chase will consider all qualified applicants regardless of vaccination status, due to state and local laws.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.