Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.

As a Tech Risk & Controls Lead in Cybersecurity & Tech Controls, Tech & Cybersecurity Policy & Partnerships, you will play a leading role in developing, and advancing the firm's global public policy positions on matters related to technology and cybersecurity. You will support and drive the development of engagement strategies based on research and analysis of new government policies, regulations, industry initiatives, and emerging technology trends. You will also regularly meet with partners in industry and government to share ideas and advance the firm's interests. This is a tremendous opportunity to learn about high-priority initiatives and collaborate with colleagues throughout a world-class firm. Working at the intersection of public policy, regulation, technology, and cybersecurity, you'll sharpen your understanding of cyber risk management and strategy, while continuing to develop your leadership, management and communication skills. While the role requires a deep understanding of technology and cybersecurity regulatory policy and regulatory expectations, success hinges on teamwork and leadership and will require building relationships and leading partners and stakeholders across initiatives. Prior instances of applying this experience at a large financial institution would put you at a distinct advantage

Job responsibilities

• Support APAC Technology and Cybersecurity Policy and Partnerships work; develop strategies and plans to advance the firm’s policy priorities across jurisdictions in APAC; lead the firm’s external engagement and thought leadership strategy in region.
• Directly support the regional information security officer to ensure their awareness and understanding of key regulatory and public policy developments impacting the firm.
• Assess and communicate impacts from regional developments to global teams and support global operating model.
• Conduct analysis of relevant policy developments, industry initiatives and JPMC's supervisory engagements, to inform policy and advocacy activity.
• Collaborate with cross-functional partners in region such as Government Relations, Compliance, Legal, Chief Data and Analytics Office and the Third Party risk management team on priority policy issues
• Build strong external relationships and represent the firm with the public sector, industry peers, trade associations, think-tanks, academia, and consortia in order to drive industry discussions and initiatives.

Required qualifications, capabilities, and skills

• Bachelor’s Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
• 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation
• Understanding of government policy making, financial and cross-sectoral technology and cybersecurity regulations, international relations
• Proven track record of leading a strategic policy program and managing external stakeholders such as regulators, industry associations and others
• Ability to liaise between cybersecurity and technology teams, as well as cross-functional partners such as government relations and legal, while working with a wide range of stakeholders.
• Superior analytical skills to enable accurate assessment of changes in the regulatory landscape and impact to the firm
• Excellent written and verbal communication skills; ability to break down complex problems and articulate them clearly to a non-technical audience
• Results-oriented with a bias to action. Takes initiative to identify areas to add value and executes quickly and accurately
• Demonstrated ability to lead teams and develop meaningful relationships to achieve common goals across the firm
• Strong ability to think strategically, prioritize issues and manage competing tasks
• Experience in applying these skills in a large financial or other institution

Preferred qualifications, capabilities, and skills

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred