Join our team and take a leading role in shaping the future of technology risk management at JPMorgan Chase. As the Executive Director of Technology Risk Assessment for Financial Reporting within our Cybersecurity and Technology Controls Team, you will be at the forefront of safeguarding our financial reporting processes and strengthening the security and resilience of our technology operations.
In this role, you will evaluate and assess the impact of control deficiencies, operational concerns, and exceptions on the integrity of the bank’s financial reporting. Your expertise will also extend to broader aspects of technology security and operational resilience. By leveraging your deep knowledge of risk management principles, you will identify and monitor risks, implement effective controls, and provide critical guidance on complex risk scenarios.
Your leadership in risk identification, control evaluation, and security governance will be essential in advising senior stakeholders and enhancing the firm’s overall risk posture. Through collaboration and strong analytical skills, you will help protect our customers, employees, and communities, while ensuring compliance with regulatory requirements and industry standards.
Job Responsibilities
Identify and evaluate potential control deficiencies using automated compliance testing, metrics, and ongoing monitoring tools. Assess the impact of identified issues on JPMorgan Chase’s internal controls over financial reporting. Continuously monitor technology risks to ensure adherence to firm standards, regulatory requirements, and industry best practices. Lead comprehensive risk assessment activities, including annual, quarterly, and ongoing reviews, walkthroughs, and oversight of control documentation and testing. Collaborate with cross-functional teams to implement and strengthen effective technology controls. Review and analyze the effectiveness of existing controls, identify gaps, and recommend enhancements to reduce risk and improve the firm’s risk posture. Provide expert analysis and guidance on complex risk scenarios, supporting the development and execution of risk mitigation strategies. Partner directly with external auditors to scope and execute IT components of SOX, SOC1, and SOC2 programs. Drive continuous improvement initiatives for risk assessment and SOX/SOC programs, enhancing efficiency, governance, and audit processes.
Required Qualifications, Capabilities, and Skills
Minimum 10 years of experience in technology risk management, information security, or a closely related field, with proven expertise in risk identification, assessment, and mitigation. Extensive background in evaluating and addressing technology risks and control deficiencies, with a deep understanding of industry standards and best practices. Strong analytical skills with a track record of resolving complex risk issues, developing and implementing effective mitigation strategies, and communicating recommendations to senior leadership. In-depth knowledge of risk management frameworks, regulatory requirements, and compliance standards, including Sarbanes-Oxley (SOX), SOC1, SOC2, COSO, NIST, COBIT, and SEC guidance for internal controls over financial reporting. Demonstrated ability to leverage IT expertise to address compliance challenges and enhance control environments.
Preferred Qualifications, Capabilities, and Skills
Professional certifications such as CISA, CISM, CRISC, CISSP, or other recognized credentials in risk management or information security. Hands-on experience with leading cloud platforms, including Azure, AWS, and Google Cloud. Exceptional communication and presentation abilities, with a proven track record of effectively engaging and influencing senior management and stakeholders across all organizational levels. Strong interpersonal skills with the ability to collaborate, influence, and build partnerships with cross-functional and geographically dispersed teams.