Tech Risk and Controls Director

Role Summary

Employee Platforms powers the technology and services that enable great employee experiences at scale across the firm.  As Executive Director of Risk & Controls for Workforce & Experience Technology (WXT) & EP CTO, you will lead the first-line risk and control agenda, partner with the business in framing / managing business risk and drive technology risk strategy as part of the EP CTO workstreams.  You will own risk identification, control design and effectiveness, RCSA execution, issue management, and regulatory/audit engagement in close partnership with engineering and product leaders, ensuring resilient, secure, and compliant platforms that support hundreds of thousands of colleagues globally.

Key Responsibilities

• First-line ownership of risk and control posture for WXT, aligning control objectives with EP strategy and platform roadmaps and embedding controls into platform architectures and operating procedures.
• Lead the full control lifecycle: design, implementation, monitoring, attestation, and continuous improvement, ensuring control effectiveness and sustainability.
• Establish, track, and report KRIs/KPIs and control health metrics; deliver transparent, data-driven dashboards and narratives for senior stakeholders and governance forums.
• Govern issue management and remediation: ensure timely, high-quality corrective actions with root-cause analysis, evidence, and durability testing; oversee closures and validation.
• Key trusted partner for the business in evaluating business objectives and corresponding risks, with the ability to frame and translate them into action plans and strategies that drive outcomes.   This includes owning and participating in business routines
• Partner with architecture, engineering and product to integrate and codify control requirements into technical standards, preferences, configuration baselines, CI/CD pipelines, and change management processes.    This will be key in the world of agentic and agents
• Coordinate internal and external audit/exam readiness, walkthroughs, evidence management, and responses; maintain strong control narratives and documentation.
• Lead policy and standards adherence, exception governance, and execution of firm control procedures; align with central frameworks while tailoring to WXT realities.
• Build and lead a high-performing control management team; develop talent, define operating model, and strengthen risk culture across EP.
• Collaborate across EP, CTC, Cybersecurity, Technology Operations, and Lines of Business to harmonize control approaches and share best practices; influence senior leaders on risk tradeoffs and investments.
• Anticipate emerging risks (e.g., endpoint security, identity lifecycle, SaaS governance, vendor/third-party, AI/automation), and drive proactive controls and resilience measures.

Required Qualifications

• 12+ years of progressive leadership in first-line technology risk and control management within large-scale, complex technology organizations; proven success partnering with engineering and product.
• Deep experience with control design/testing, metrics, issue management, and regulatory/audit engagement in enterprise environments.
• Strong domain knowledge across workforce technology: endpoint/device management, identity and access management, collaboration suites, service management platforms, and related cloud/on‑prem integrations.
• Demonstrated ability to embed controls into technical standards and configuration baselines; strong understanding of change, incident, problem, and release management controls.
• Executive communication and stakeholder management skills; ability to simplify complex risk topics and influence at senior levels.
• Experience in managing business risk with LOB partners
• People leadership: building, coaching, and scaling high-performing control teams; operating model design and continuous improvement mindset.
• Bachelor’s degree in Information Systems, Engineering, or related; or equivalent experience.

Preferred Qualifications

• Certifications such as CRISC, CISA, CISSP, CIA, or equivalent.
• Experience with large-scale endpoint/security configuration standards, identity governance, and SaaS risk management.
• Familiarity with regulatory frameworks and expectations relevant to technology and operational risk in financial services.
• Data and automation fluency for control monitoring, analytics, and reporting.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process. 

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.