Tech Risk and Controls Lead(IT Audit)

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.

As a Tech Risk & Controls Lead at JPMorganChase within Cybersecurity Technology and Controls, you will evaluate delivery, quality, and integrity across a range of Global Technology Control Assessments, including SOX, SOC, PCI, FedRAMP, and other regulatory frameworks. You will provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with Service Leads, Business Control Managers, and Regulators, you will help report a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles will enable you to drive innovative solutions and manage a diverse team in a dynamic risk landscape.

You will help define and implement best-in-class assessment methodologies and practices. This role is ideal for professionals with significant experience in audit, risk, or compliance who are looking to make a strategic impact through leadership and innovation.

Job responsibilities

• Lead and execute comprehensive, independent evaluations of control and compliance assessments across all phases—planning, execution, and reporting—ensuring accuracy, reliability, consistency, and compliance throughout.
• Operate independently to document assessment results with clear workpapers, findings, improvement opportunities, and remediation actions.
• Oversee and perform testing of GTCA controls and processes, ensuring assessments are based on verified evidence and aligned with assessment methodologies and practices to address all relevant regulatory requirements, risks, and controls.
• Present review progress, key insights, and strategic recommendations to senior leadership and governance committees.
• Proactively identify, manage, and mitigate delivery risks by addressing potential obstacles and implementing contingency strategies to sustain program momentum.
• Foster a culture of continuous improvement and operational excellence, providing training and driving innovation in methodologies and processes.
• Leverage your expertise in assurance and review methodologies to ensure methodological rigor, consistent application of standards, and thorough review and validation of deliverables.
• Review assessments and reports to validate they are completed on schedule, based on verified data, and address relevant regulatory requirements, risks, and controls.
• Evaluate ongoing improvements to processes and tools, and verify that team members are well-trained and knowledgeable about current regulations and assessment practices.
• Ensure assessments are objective, transparent, and ethically conducted, maintaining confidentiality and data privacy, and compliance with all relevant laws, regulations, and internal policies.

Required qualifications, capabilities, and skills

• Formal training or certification on security concepts and five years of experience in IT risk, audit, compliance, or control assessment, including at least three years of internal or external audit experience leading reviews and managing stakeholders in large financial institutions.
• Proven ability to lead projects and teams, manage multiple assessment reviews, and collaborate effectively across functions in complex environments.
• Exceptional written and verbal communication skills, with the ability to translate complex technical and regulatory information into clear, actionable messaging for diverse audiences including senior leaders, stakeholders, and clients.
• Detail-oriented with strong documentation skills and a demonstrated ability to learn and apply new concepts quickly.
• Skilled in critical thinking, root cause analysis, and structured problem-solving to drive continuous improvement.
• Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.
• Strong background in information security, IT General Controls, risk and control frameworks, and regulatory compliance, including hands-on experience with SOX, SOC, PCI, and regulatory technology assessments.

• Growth mindset with the ability to drive strategy and execute at scale.

Preferred qualifications, capabilities, and skills

• CISA, CIA, CPA, CISSP, or similar industry-recognized risk certifications are preferred.

#CTC

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process. 

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.