JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at www.jpmorganchase.com.
The Technology Controls Team is responsible for IT risk coverage for JPMorgan Chase's Risk & Finance Technology (RFT) line of business. The goal of this team is to consistently identify, assess, and manage technology risks across all environments. Where controls are not adequate, this team escalates those concerns and assists with driving improvements to the overall control environment. To accomplish this goal, the team partners with corporate groups including the Global Privacy Office, Corporate ITRM, Audit, and the RFT Technology teams. The team also serves the business in a consultative manner, providing guidance to the business on addressing identified technology risks.
As a Technology Controls Officer, you will support Control Self Assessment (CSA) reviews, IT risk management oversight, facilitate remediation efforts as needed and support reporting for LOB management.
The RFT TCO team supports all of the Information Security and Technology Risk Management for their groups within the Risk and Finance Technology organization, as well as the Risk functions for the firm. This lead role will be expected to use their experience and knowledge to contribute to the wider strategy implementation for Risk & Finance Technology and manage relationships successfully with senior management in the business, technology and corporate functions, such as Internal Audit. The TCO Team works closely with the Control functions to ensure that they meet all corporate policy and standards as well as specific requirements for risk as a function, and will work on special projects to enhance controls leveraging skills and expertise across the corporate sector and the firm.
The key responsibilities of the Information Risk Manager include:
- Take a leadership role in working with CTO’s and their organizations to ensure the RFT TCO strategy is executed
- Work with a team of Technology Control specialists to ensure the technology risk environment is controlled and risks minimized, breaking down data to provide groups with their specific view of the current state of Controls and Residual Risk
- Assist in interpreting corporate control guidelines and policies, communicating these clearly alongside current status, and guide constituents to ensure compliance in a pragmatic fashion
- Ensure information risk control issues/gaps are documented clearly and remediation plans are developed to address them, as well as investigating and resolving control incidents
- Participate and, where appropriate, lead projects to improve or remediate controls with scope varying from individual groups to RFT as a whole
- Coordinate interaction with internal and external audit on control requirements and/or issues. Ensure information from past audits is leveraged to improve controls across the entire area.
- Build a culture focused on awareness of the technology risk environment, utilizing existing training materials and developing content, where applicable
Assist with monitoring existing technology issues and actions and support the closure verification process, negotiate remedial actions and due dates
Enforce compliance with Firm-wide risk reduction programs
Assist with the quality assurance review of various control assessment programs
Leverage scorecards to help Technology Controls Team manage internal objectives (e.g., timely completion of assessments, action plan closure status)
Identify opportunities for process improvements to deliver increasing efficiency within assessment framework
8+ years of experience in IT, IT Risk management, Audit or equivalent
Proficient and capable to communicate the Inherent Risk and Control effectiveness to others
Proficient risk assessment, interpretation, analytical and negotiation skills
Proficient verbal and written communication skills, including the ability to effectively lead discussions and meetings with senior management
Knowledge of current regulatory impact and expectations on technology per Sarbanes Oxley, Gramm-Leach Bliley Act, Frank-Dodd, Basel and other regulations affecting Risk and Finance