Apply Now    

Director - RCC Head of Risk Assessment, Policies & Standards (Risk Control & Cybersecurity)

Job Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at www.jpmorganchase.com.

 

Corporate Technology & Risk (CTR) delivers streamlined and consistent solutions supporting JPMorgan Chase’s Controls, Compliance, Legal, HR and IT Risk agendas, with a focus on stability, delivery, efficiencies and people.  The goal of CTR’s drive to standardization, consistency and simplicity is a JPMorgan Chase architecture that fosters long-term productivity, quality and innovation across the entire enterprise.

 

Risk Control & Cybersecurity (RCC) supports the Corporate Technology & Risk (CTR) organization to identify, analyze, manage and mitigate information technology risks.  The RCC organization is comprised of the following disciplines:  TCO Services; Audit, Issue & Regulatory Management; Risk Assessment, Policies and Standards; Cybersecurity Risk Management & Architecture; Cybersecurity Production Management; Controls Assurance & Resiliency; Controls & Cyber Program Delivery Office; and APAC Controls & Cybersecurity.

 

The Head of Risk Assessment, Policies and Standards Executive Director will lead a small team of risk management professionals and will be responsible for implementing the overall risk assessment program for CT&R.  In addition, the role will participate in the development, approval and interpretation of technology policies, standards and procedures; including the maintenance of the firm’s enterprise identity and access management standards.  The role is also responsible for maintaining a strong relationship with the business to understand, maintain and document the ongoing risk and control profile of the business.

 

The successful candidate will be part of a growing team to maintain a continued understanding of the key risk to the business and be able to converse with technology experts  to identify both process and technology controls to mitigate those risks. They will also provide advice to projects to ensure prioritized delivery of capabilities mitigating the key risk facing the business.

  

Key responsibilities:

  • Strong client relationship management skills at all levels with the business and technology. Facing off to Chief Technology Officers and Heads of Business functions with the ability to convey complex controls topics in a clear understandable manner.
  • Contribute to the development and implementation of technology policies, standards, procedures, and guidelines.
  • Develop, maintain and serve as the custodian of Firm-wide ‘Access Management’ standards by adhering to core ITRC policies, governing regulations and management schedules through consultation with LOBs and stakeholder groups.
  • Participate in the firm-wide Policy & Standards steering committee to review, advise and approve changes in all technology policies and standards.
  • Develop Key Risk Indicators, as well as other quantitative and qualitative measures to build models to clearly articulate performance of controls and the assessment of inherent and residual risk.
  • Define the strategy, framework and program schedule for technology control assessments including risk and control self-assessments (RCSA), application risk assessments (ARA), infrastructure and location assessments and testing.
  • Manage and track completion of technology control assessments as well as measure and report on the effectiveness and efficiency of assessment programs.
  • Correlate themes, perform risk analytics and ad hoc risk assessments to identify weaknesses and provide recommendations to improve the quality and effectiveness of the control environment.
  • Represent CT&R to ensure enterprise risk tools meet the business requirements of our end users and drive adoption of standard risk management tools and systems across CT&R.
  • Build relationships and liaise with the Compliance organization to ensure better understanding around regulatory requirements and reporting activities.

Qualifications

  • Minimum of 15+ years experience in Information Technology, IT Risk, or IT Controls, including the implementation of associated Policies & Standards frameworks.
  • A graduate degree or equivalent experience (in computer science, information systems management, business administration or related field) is preferred.
  • Information security certifications (such as CISSP, CISA, CISM or related certifications) would be preferred.
  • Strong interpersonal and communication skills, plus the ability to achieve goals through influence, collaboration, and cooperation.
  • Demonstrated ability to work effectively with all levels of and organization from executives to technology specialists.
  • Ability to persuade and influence is KEY.  Must have ability to be tactful yet assertive.
  • Ability to influence across the organization at a senior level including technology and business executives.
  • Excellent written and verbal communication skills.
  • Exceptional data analysis, both quantitative and qualitative.
  • Strong reasoning and logic, problem solving skills.
  • Experience in working with diverse cross geography teams including managing an offshore and/or outsourced team
Req #: 160043910
Location: Jersey City, NJ US
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.


Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.