The Tech & Cyber risk officer works in partnership with Latam & Canada (LAC) Technology Operational Risk and Compliance teams to provide Risk Management through independent risk assessment, oversight, and advisory guidance to LAC Technology. This role will work closely with Cyber and Technology product teams, Information Security Managers (ISM) and Technology Management and will likely engage with other subject-matter experts across Compliance, Operational Risk, Legal, Internal Audit, and others as needed. It requires a strong self-starter who can understand program objectives, analyze complex systems, platforms and environments, understand mitigating controls using a logical approach to independently assess the control and risk environment.
We are looking for a multi-disciplined forward-looking technologist with a diverse background and experience in areas such as cloud, AI/ML, distributed ledge technology, data management, internet of things, collaboration tools, compliance and oversight. Activities include: execution of risk assessments and perform analysis of technology and process controls, evaluation of obligations of applicable Laws, Rules & Regulations and/or requirements to both existing technology and emerging technology (e.g., distributed ledger, machine learning, quantum computing etc.), engage with the regulatory change management program, as well as working with LAC Compliance, Technology and Product functions to appropriately account for technology risks in their control frameworks. Written and verbal communication of results will be provided by the Technology Compliance Risk Officer to management, executive directors, managing directors and stakeholders.
Key responsibilities include:
- Act as the primary liaison to the corresponding Line of Business (LOB) or Corporate Function in Latam & Canada countries, representing the Technology & Cyber Operational Risk Officer (ORO) to the business, the Line of business (LOB) ORO, and the corresponding Technology organizations.
- Perform deep inspection of specific technologies in targeted processes or firm-wide evaluation.
- Keep abreast of current technology trends, vulnerabilities, and emerging technologies.
- Engage with technology teams to gain full understanding of technology and risk and control environment.
- Challenge first line technology teams as required.
- Understand third party and resiliency risks as related to specific technology area of expertise.
- Perform Risk Assessments of the corresponding inherent risks and mitigating controls, work with appropriate technology areas to identify potentially elevated risk concentrations globally, and recommend any adjustments required to meet JPMC policy, regulatory requirements, and industry best practices.
- Develop and perform ongoing analysis of significant events and operational risk loss, near miss and external events to inform results, technology assessments and scenario analysis. Additionally, investigate operational risk events meeting selection criteria; assist LOB OROs in determining the appropriate consideration of technology risk management and risk events.
- Represent CCOR T&C in Regulatory exams, key portfolio governance forums, share key learnings with the larger Tech ORM team and identify areas for escalation or further action.
- Provide critical thinking and subject matter expertise regarding compliance relevant risk in the development and execution of Risk Management for LAC Technology.
- Identify compliance relevant risk against local regulations, firmwide and regional policies & standards through independent assessment and challenge.
- Manage compliance relevant risk through developing and/or executing monitoring and testing activities, creating issues, and supporting compliance training activities.
- Provide clear communication, escalation of activities/risks identified through the execution of risk assessments and delivering advisory guidance to all relevant stakeholders.
- Establish and maintain strong relationships and ongoing dialogue with key LAC Technology leaders, ISM, Tech Operational Risk Manager (ORM), and other CCOR personnel.
Qualifications:
- BS/BA degree in computer science or equivalent experience, MS degree preferred.
- 15 years or more proven experience in technology & cybersecurity development and oversight, with financial services experience highly desired.
- Experience in Technology, Data Management, Privacy and Cybersecurity regulations within Latin America and Canada.
- Broad and deep knowledge of current and emerging technologies (e.g. cloud, blockchain, machine learning) is required.
- Preferred certifications: CRISC, CISSP, CISA, CISM.
- Experienced in interactions with regulators, understanding of banking and securities rules and regulations for LAC (e.g., LGPD, CVM, BACEN, BCRA, IIROC, BANXICO, CNBV, BCRA, OCC, FFIEC guidelines) and of regulatory expectations for a culture of compliance.
- Proven track record of Risk Management (Compliance, Technology, Operations or relevant Control Function), preferably within Financial Services.
- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
- Demonstrated outstanding verbal and written communication skills with proven ability to communicate effectively at all levels and translate (e.g., in plain English, Portuguese and Spanish) technical and/or compliance requirements between technical and non-technical audiences.
- Excellent analytical skills and problem-solving skills, inquisitive nature and comfort challenging current practices.
- Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required.
- Adept at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks
- Highly disciplined, able to work with limited supervision and make independent decisions with a track record of leading by influence
- Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results
- High level of professionalism, self-motivation, and sense of urgency
- Fluent in English, Portuguese and Spanish