Drive technology risk governance and control effectiveness across cybersecurity, partnering with teams to strengthen resiliency and compliance.

Join a team where your expertise helps protect the firm and our customers by strengthening technology risk governance and control outcomes.

As a Governance, Risk and Controls Governance Lead at JPMorgan Chase within Cybersecurity, Technology & Controls, you will identify, assess, and help mitigate operational and technology risks in line with the firm’s standards. You will provide subject matter expertise and practical guidance to technology-aligned process owners to help ensure controls are designed appropriately, operating effectively, and aligned to regulatory, legal, and industry expectations. You will collaborate with stakeholders including Control and Product Owners, Application and Site Reliability Engineering teams, and Audit and Regulatory partners to continuously improve the technology risk posture and its business impact.

Job responsibilities

• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations
• Develop and maintain strong relationships with line of business technologists, assessment teams, and data officers to enable cross-functional collaboration and progress toward shared goals
• Execute reporting and governance for controls, policies, issue management, and measurements, providing senior management insight into control effectiveness to inform governance decisions
• Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance
• Perform control assessments, quality assurance reviews, issue closure testing, and oversight of remediation plans to validate sustained control performance
• Establish key risk indicators, key performance indicators, and key control indicators (for example, review cycle time, defect rate, control test pass rates) and service level agreements/objectives to improve resiliency, scalability, sustainability, and stability of control reviews
• Create traceability for catalog changes, including impact assessments, decisions, evidence, and audit-ready artifacts.

Required qualifications, capabilities and skills

• Formal training or certification on security concepts and 5+ years of applied experience in technology risk management, information security, or a related field, emphasizing risk identification, assessment, and mitigation.
• Familiarity with risk management frameworks, industry standards, and financial services regulatory requirements
• Proven expertise in data security, risk assessment and reporting, and control evaluation, design, and governance, with a record of implementing effective risk mitigation strategies
• Demonstrated ability to influence executive-level decision-making and translate technology insights into business strategies for senior leaders
• Working knowledge of cybersecurity-related regulations and compliance requirements (for example, General Data Protection Regulation, Payment Card Industry Data Security Standard, Sarbanes-Oxley, Federal Financial Institutions Examination Council)
• Understanding of applicable national and international laws, rules, regulations, policies, and ethics related to cybersecurity in the financial industry.
• Advanced knowledge of product development life cycle practices, service design, and data analytics
• Ability to build dashboards and metrics that communicate control effectiveness, cycle time, and risk posture to stakeholders.

Preferred qualifications, capabilities and skills

• Industry-recognized certification such as Certified Information Security Manager, Certified in Risk and Information Systems Control, Certified Information Systems Security Professional, Certified Information Systems Auditor, or similar
• Experience applying prompt engineering to improve stakeholder engagement, documentation quality, and process efficiency
• Familiarity with coding or scripting, data analytics, cloud control design, cybersecurity controls, and/or distributed technologies
• Experience automating control evidence collection and testing (for example, using application programming interfaces or scripts) to improve reliability and repeatability
• Data visualization and communication skills to explain complex risk and control topics clearly

#CTC