Bring your expertise to JPMorganChase. As part of Risk Management and Compliance, you are at the center of keeping JPMorganChase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities.  Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.

As the Technology Operational Risk Management - Employee Platforms (EP) Risk Executive Director, you will lead efforts to assess risks across multiple risk stripes, develop and execute a strategy to assess EP risks, and provide independent challenge in product and risk pillar governance. You will leverage your experience in the engineering and operation of related technologies in order to identify operating control or process deficiencies within the technology stack or organization that may result in operating disruption, compliance, or security issues. In addition to developing and executing an oversight plan, you will also develop and maintain credible relationships with first line stakeholders across product and first line of defense risk pillars.

Technology & Cybersecurity Operational Risk Management (Tech & Cyber ORM) is a firm-wide group within Risk Management with second line of defense oversight responsibility for technology and cybersecurity risk.  Tech & Cyber ORM develops and reports an independent view of these risks to the Chief Risk Officer, Firm management, and the Board of Directors using multiple frameworks and methodologies.  The team is comprised of members from risk management disciplines, as well as experienced technology development and operations managers.

Employee Platforms enhances the productivity and experience of nearly 300,000 global employees by modernizing and improving their interaction with technology. The platform includes several product lines: Collaboration & Communication (Outlook, MS Teams, Zoom, etc.), Employee Compute (VDI, Macbooks, remote access), Employee Experience Technology, Employee Insights (enterprise tools for feedback), Technology Employee Support Services (technical support), and Workplace Technology Solutions (managing technology in corporate offices and retail branches). Additionally, EP offers Business-Aligned Portfolio Solutions like Core Data Platforms for analytics and Workforce Technology for HR activities. 

Job Responsibilites

Identify operational risks stemming from expanding adoption of evolving employee experience products globally Challenge first line control designers and operators across all applicable control domains Design and execute review and assessment activity to detect operational and compliance risks during the development lifecycle Support expanded focus on Third Party and Resiliency risks present in the EP product space. Assess the governance practices pertaining to the development, adherence and maintenance of technology policies, standards, and procedures. Drive policy and standards that promote risk and control effectiveness in the product space Evaluate Global Technology’s framework to ensure sustainable industry best practice, regulatory and threat-informed risk and controls. Develop data-driven strategies to identify risks  Assess all significant operational risk events (incidents) Focus on Third Party and Resiliency risks present in the EP product space

Required Qualifications, Capabilities and Skills

Minimum 10 or more years in an infrastructure or development leadership role Strong understanding of cybersecurity principles, practices, and frameworks (e.g., NIST, ISO 27001). Risk Assessment and Management Skills including the ability to develop and implement risk mitigation strategies, conduct regular risk assessments, and ensure compliance with relevant regulations and standards. Technical proficiency in AI and machine learning technologies, including their applications, limitations, and potential risks.  Familiarity with cloud security, data protection, and privacy regulations (e.g., GDPR, CCPA). Experience with ITSM/ITIL, Incident and Crisis Management, Access Control, and Technology Resiliency control processes Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals

Preferred Qualifications, Capabilities and Skills

Experience with modern technologies such as public and private cloud (AWS, GCP, Azure, etc.)  Professional certifications such as CISA, CRISC, and CISSP