Technology Risk and Controls Lead - Portfolio of Applications

As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO (Business Information Security Officer) organization, you will serve as the trusted risk advisor for a portfolio of applications supporting Corporate functions. In this role, you will provide subject matter expertise and technical guidance throughout the entire risk lifecycle, including the identification of risks, offering remediation guidance, risk registration, and risk reporting to key stakeholders such as Application Owners, CTOs, Chief Data Officers, and Business Control Managers. You will be accountable for assessing and reporting a comprehensive view of the technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. This position requires strong communication and stakeholder management skills, as well as the ability to influence and guide risk decisions at both strategic and operational levels.

Job Responsibilities:

• Serve as the primary risk advisor for a portfolio of applications supporting Corporate functions.
• Provide subject matter expertise and technical guidance to key stakeholders, including Application Owners, CTOs, Chief Data Officers, and Business Control Managers.
• Lead the risk lifecycle: including the identification, assessment, reporting and registration of technology risks, ensuring comprehensive risk coverage across the portfolio.
• Develop and deliver remediation guidance to address identified risks and support risk mitigation strategies.
• Prepare and present monthly risk posture report to stakeholders, offering a clear and comprehensive view of the technology risk posture and its impact on the business.
• Drive innovative solutions to manage and mitigate risks in a dynamic and evolving risk landscape.
• Leverage advanced knowledge of risk management principles, practices, and theories to influence and guide risk decisions at both strategic and operational levels.
• Maintain strong communication and stakeholder management skills to ensure alignment and effective risk governance.

Required Qualifications, Capabilities, and Skills

• Formal Training or certification with 5–7 years of experience or equivalent expertise in technology, risk management, information security, or a related field, with a focus on technology risk identification, assessment, and control evaluation.
• Strong understanding of technology risk management frameworks and industry standards.
• Expertise and in depth knowledge in data, access and vulnerability management.
• Experience in performing technology risk and control assessment for AI/ML solutions.
• Proven ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders.
• Proven ability to develop and maintain strong client and stakeholder relationships.
• Excellent organizational and project management skills, with the ability to manage multiple competing priorities and deliver under tight deadlines.
• High degree of initiative and self-direction, with the ability to perform well under pressure; demonstrated intellectual curiosity and capacity to learn quickly.

Preferred Qualifications, Capabilities, and Skills

• Industry-recognized certifications such as CRISC, CISM, CISSP, or CISA, demonstrating formal expertise in technology risk and information security management.
• Proficiency in third-party and vendor risk management, including due diligence, ongoing monitoring, and control assessments across the vendor lifecycle.
• Familiarity with cloud security risk management (e.g., AWS, Azure, GCP), including shared responsibility models and cloud-native control frameworks.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process. 

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.