Leveraging deep expertise in risk, controls, and audit, this role influences secure IT operations firmwide by:

Providing guidance, best practices, and subject-matter support to lines of businessDriving and overseeing appropriate corrective actions to reduce operational riskEnsuring alignment with regulatory expectations and internal control standards

Collaborating across stakeholders to strengthen control design and operating effectiveness

Duties/Responsibilities include but are not limited to:

Work with all three JPMC Lines of Defense to ensure the accuracy of statements and identified riskPartner with other Tech Risk & Control personnel to ensure appropriate root cause analysis to confirm thorough understanding of findings/observations Ensure only qualified risks are entered into CORE and adhere to GRC quality requirements for IssuesProvide auditability, risk, and sustainability advisement and approval for all identified IssuesEnsure Issue Action Plans (APs) sufficiently and sustainably address the identified risk

Review/approve all Issue and AP closure documentation

Establish and maintain strong relationships with internal and external stakeholders, including key cross-functional team leads, to ensure compliance with Firm Issue Management Standards and Procedures

Respectfully challenge viewpoints of all three Lines of Defense

Review/approve all Issue and AP completion evidence

This role requires a wide variety of strengths and capabilities, including:

5+ years of experience in technology audit, expertise in technology risk management, information security, or a related field, with a focus on managing risk identification, assessment, and mitigation

In-depth experience in audit and risk management practices/functions

CISA designation required, CRISC designation preferred

Advanced knowledge of IT control frameworks

Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection

Experience working across large complex business and technical environments

Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals