VP, Information Risk Lead - Enterprise Access Administration

Corporate Technology & Risk (CTR) delivers streamlined and consistent solutions supporting JPMorgan Chase’s Controls, Compliance, Legal, HR and IT Risk agendas, with a focus on stability, delivery, efficiencies and people. The goal of CTR’s drive to standardization, consistency and simplicity is a JPMorgan Chase architecture that fosters long-term productivity, quality and innovation across the entire enterprise. The disciplines within this organization are Corporate Compliance Technology, Corporate Functions Technology, Control System Technology, Human Resources Technology, and Global Identity and Access Management.

 

Technology Operations & Controls (TOC) within CTR includes the following functions: Application Operate, Program Delivery Services, Production Services, Testing & Release Services, Controls Services, Enterprise Access Administration, and Identity & Access Governance. The Testing & Release Services function within TOC is building out the Quality Assurance Utility, providing QA functional and regression testing as a service to applications across CTR.  The overall objective of the QA Utility is to provide a consistent, standardized, best practice approach to QA testing across CTR, driving improved production stability of CTR applications.

 

The Information Technology Risk Manager in Identity and Access Management, will serve as primary liaison between the business and technology teams to achieve full adoption and integration into the strategic access control process and corresponding toolset. The individual will be accountable for the overall strategy and direction of the global onboarding team.  Primary responsibilities include the direct accountability of successful integration of applications into the operational support model, resolution ownership technical complexities, and controls adherence / oversight for all onboarding activities. Strong communication skills, problem solving skills, and the ability to implement risk management controls across multiple Lines of Businesses are a must.  This individual will be accountable for implementation of strategic initiatives related to new or enhanced security products and toolsets on supported environments.  They will identify, define, approve and ensure implementation of continuous process improvements utilizing various tools and methodologies.  They will be expected to manage operational risk and ensure compliance to all internal and external policies and regulations.  Ensure appropriate control environment is developed and maintained.  Ensure successful implementation of action plans to address risk and control issues.  Promote security awareness across the firm on an on-going basis.

Additional responsibilities include:

• Define, report on, and execute against the vision, goals and critical success factors for this tower.
• Capacity planning and management. 
• Prepare business cases for staffing decisions; approve recommendations on hiring and staffing decisions. 
• Evaluate and execute appropriate staffing plans in order to achieve departmental goals.
• Implementing risk management strategies.
• Business Continuity and Disaster Recovery for the Operation.
  
• Ensure that the operating model consists of appropriate levels of resiliency across all responsible locations, documented and tested accordingly.
• Improve current processes and drive positive change in: controls, data quality, regulatory compliance, and on-boarding/off-boarding initiatives.
• Work with global operations management to promote risk awareness and compliance, in line with established IT Control policies, processes and procedures.
• Provide leadership, direction and support to all Operations staff globally.
• Develop and implement effective processes to identify, escalate, report and track risk related issues.
• Partner and coordinate with Information Owners, IRMs and Application Support teams and I&AM Controls and Governance to improve controls around access provisioning.
• Perform all analysis required for control/audit requests and closure of RCSA Action Plans.
• Support all internal/external audits and ensure timely and effective response for all requests for information on a priority basis.
• Manage any adhoc compliance and security-related projects as required by management.
• Provide on-going (daily, weekly, monthly, quarterly) analysis and reporting on team performance and progress.
• Expense management and financial planning.
• Collaboration with global stakeholders.
• International travel required; 5-10% travel expected for role.

Required Qualifications:

• Bachelor's Degree in related field or equivalent experience
• 7+ experience in IT Risk Management, specifically Identity & Access Management
• 5+ years Program/Project Management Experience.
• Industry recognized certifications (CISA, CISM, CRISC) recommended.
• Bachelor’s Degree preferred; MBA or a masters degree in Risk Management, Operations or similar discipline preferred or equivalent experience.

Key Competencies:

• Demonstrated understanding of Risk Technology Controls and driving Business programs.
• Ability to manage multiple work streams and efforts throughout the organization.
• Excellent interpersonal and communication skills, including ability to negotiate, compromise and demonstrate diplomacy in sensitive situations and to interact effectively with senior management.
• Understanding of key controls and how they impact the business from an operational or systems perspective.
• Experience executing deep dive reviews to identify process and control gaps and identify the root cause of issues to ensure appropriate controls are enhanced or implemented to prevent reoccurrence.
• Proven leadership skills with excellent track record in delivering high performance.
• Demonstrated coaching, motivational and team building skills.
• Experience with operational risk analysis, process improvement, end-to-end process reviews and process flow mapping.
• Strong strategic thinking, research, analytical, problem solving and decision-making skills.
• Excellent project management skills to manage risk initiatives in a global environment.
• Ability to identify ways to increase efficiency and effectiveness of work performed and resources utilized.
• Provide sound advice and guidance to add value and address problems
• Ability to effectively influence peers and business partners to achieve objectives.
• Foster partnerships will all stakeholders to contribute to the firm’s success
• Attentive listener who is able to receive and react appropriately to feedback provided by stakeholders.
• Is articulate and composed when delivering difficult messages to stakeholders.
• Effectively mediate and resolve conflict either within existing team or with stakeholders
• Ability to work under pressure and to strict deadlines.
• High level of professionalism, self-motivation and sense of urgency.
• Ability to prioritize and execute on multiple, simultaneous, complex priorities.
• Good organizational skills & planning ability.
• Thrives on challenges in a fluid working environment.
• Results orientated without compromising control