Tech Risk Assurance Director – Cyber Risk Pillar
Company: JPMorgan Chase & Co.
Location: Wilmington
Posted on: April 1, 2026
Job Description:

Join us in a pivotal role where your expertise in security and risk
management shapes our global cyber assurance capabilities. As a Tech
Risk Assurance Director in the Cyber and Tech Controls line of
business, you will provide confidence to the firm's leaders by
ensuring products and Lines of Businesses achieve their objectives
while effectively measuring and managing risk. Developing and
implementing revised or new policies and processes will be a central
responsibility, with a focus on anticipating and prioritizing unknown
thematic technical risk 'hotspots'.

Collaborating with cross-product and functional teams, you will
analyze high-priority risks, evaluate gaps in related standards and
controls, and create outputs that propel remediation plans, controls
and standards development, and strategy. Your expertise in risk
management, data security, and security governance will be crucial in
navigating the dynamic landscape of evolving cyber threats, technology
advancements, and global regulations.

The primary responsibilities are to support the cybersecurity domain
construct for Cybersecurity Assurance and focus on governance and
compliance of regulatory and control obligations for the Cybersecurity
of the firm, including such disciplines as SIEM, DLP, Digital
Forensics, Network Telemetry and File Analysis, Cyber Intel,
Vulnerability Management, Attack Simulation, Security Configuration,
and Endpoint Detection and Response.

You will play an important role in securely enabling the firm through
managing the risk profile and aligning cybersecurity and technology
controls requirements and product capabilities. The Tech Risk
Assurance Director is responsible for coordinating the control
framework, program, and approach for the JPMC security architecture,
policies, standards, risk assessments, monitoring, and certification
around cyber risk. This role engages in areas of development, design,
and monitoring of corporate and global control programs, and acts as a
liaison between management, the Lines of Business, internal and
external audit, and regulators.

Job responsibilities:

- Understand and have experience supporting regulatory engagements
aligned to the FFIEC handbook and have in-depth knowledge of industry
best practice and control guidance provided by NIST, CIS, DISA and
others
- Investigate, analyze, document, remediate, track, and report
technology risks and associated controls; design and development of
control requirements based on new and emerging technological solutions
in a measurable way, ensuring that existing and new solutions are
designed to be continuously compliant with JPMC policies and standards
- Collaborate with team members and stakeholders on firm-mandated,
cross-LOB, and regional audits where the Risk Pillar is engaged, and
provide strategic drive for engagement efficiency, effectiveness and
transparent, measurable, sustainable control improvements, including
process enhancements and use of automated data collection techniques
- Define and proactively monitor Key Risk Indicators to identify
non-compliance and assist in remediation with compensating controls to
address security, risk and control gaps, provide leadership and advise
on material remediation activities ensuring appropriate resolution of
issues, action plans, breaks, and remedies and support the closure
verification process, aid in training and spreading technology risk
and control awareness within the organization, and create, maintain,
and communicate operational metrics and status of control related
initiatives and issues
- Develop and maintain strong business and technology relationships,
becoming a trusted partner, communicate risk and other control
findings with key stakeholders, develop recommendations and provide
accurate metrics and management reports on a timely basis, and
maintain an in-depth understanding of the Cybersecurity Operations
Technology domains consisting of Security Configuration, Security
Operations and Vulnerability Management
- Support risk decisions for product roadmap prioritization and
control implementations supported by documentation and substantiative
evidence, manage the risk profile of aligned products, and translate
risks into functional requirements, non-functional requirements and
constraints together with the LOB business partners, Cyber
Architecture and Product Management teams, and ensure that all
pertinent Information Risk and Control regulatory requirements and
applicable JPMC policies are understood by LOB business partners,
technologists, and the Information Security Management function team
members, and that these policies are implemented and monitored
successfully
- Work with technology teams to walk through, gather control design
requirements, facilitate discussions and bring to closure control
issues, lead the efforts to create and manage agile process for
controls related assessment, and build automation/self service
capabilities for analysis, reporting and reusing of information to
address control issues, and communicate issues and evaluate
issues/findings and best practices with the rest of the team and
management
- Steer the development and implementation of robust risk management
policies, standards, and controls, fostering a strong risk culture and
promoting risk awareness and accountability across the Firm
- Lead and collaborate with cross-functional project teams to
deep-dive into identified risks, understand systemic failures and
issues enabling the risk, and work with appropriate teams to craft
remediation plans
- Oversee execution of control evaluations, risk assessments, and
regulatory compliance activities, ensuring alignment with the Firm’s
objectives and regulatory requirements
- Champion the adoption of emerging technologies and industry best
practices to enhance the Firm's risk management capabilities and
fuel continuous improvement initiatives

Required qualifications, capabilities, and skills:

- 7 years of experience or equivalent expertise in technology risk
management, cybersecurity, or a related field, focusing on risk
assessment and mitigation
- Excellent command of cyber and operations risk management processes,
principles, architectural requirements, engineering threats and
vulnerabilities, including incident response methodologies
- Keen understanding of national and international laws, regulations,
policies and ethics related to financial industry cybersecurity
- Noted cybersecurity expertise, keeping technical skills current and
participating in multiple forums
- Expertise in Agile and can work with at least one of the common
frameworks
- Ability to identify network attacks and systemic security issues as
they relate to threats and vulnerabilities, with focus on
recommendations for enhancements or remediation
- Experience with implementation and oversight of technology risk and
controls, coordination of activities for audits and assessing an IT
controls environment and detail-oriented, with experience evaluating
processes, controls, and issues to determine risks
- Subject matter expert on information security and technology risk
management with understanding of IT control policies
- Demonstrated expertise in data security, risk management & controls,
security governance, and analytical thinking
- Proven experience in managing cross-functional projects, and
implementing risk management policies and processes
- Strong knowledge of industry regulations, guidelines, and best
practices,
such as NIST, ISO, FFIEC, and GDPR

Preferred qualifications, capabilities, and skills:

- A deep understanding of cyber risk scenarios for on-prem and
cloud-based solutions and ability to maintain high standards with a
drive to achieve the right answer in difficult and/or ever-changing
situations
- Subject matter expert on technology risk management with complete
understanding of IT control policies and proven ability to examine,
improve and execute the organization's existing processes and
procedures for risk assessment
- Able to review, understand, and rely on technical and software
documentation and apply that knowledge into practice
- Experience operating in environments that are heavily governed under
compliance, regulatory, or risk reduction controls and possessing
stakeholder engagement skills, including ability to interact with
senior levels of management
- Knowledge of process-focused methodologies for IT related activities
(Resiliency, Backup, Networks, Cloud, Change Management, Incident
Management, SDLC) and knowledge of industry-standard risk/control
frameworks: ITIL, COSO, NIST, PCI-DSS, COBIT, etc.
- Proficient verbal and written communication skills, including the
ability to effectively lead discussions and meetings with internal
management, external / internal audit, peer groups, regulators and
senior stakeholders
- Ability to prioritize and work under stringent timelines and to lead
within a cross line of business technology organization, empower
people, build rapport, garnering respect and appropriately exercising
authority in a collaborative cross-cultural environment
Keywords: JPMorgan Chase & Co., Fayetteville , Tech Risk Assurance Director – Cyber Risk Pillar, IT / Software / Systems , Wilmington, North Carolina