JPMorgan Conduct Operational Risk - EMEA Head Data 

United Kingdom, England, London 

681609453

As a Head of Data & AI for the EMEA region within CCOR function you will be in the second line of defence. In this role you will be responsible for independent challenge and oversight of the business with respect to data (including privacy) & AI governance. You will devise and operate operating an appropriate risk-based oversight program regarding the firm’s compliance with applicable laws, rules and regulations, such as GDPR, BCBS 239 Risk Data Aggregation and Reporting requirements (RDARR), EU AI Act, and other relevant data, privacy and AI related laws and regulations across Europe, the Middle East, and Africa (EMEA). You will oversee and challenge the firm’s activities in EMEA in respect of data quality, protection, privacy, localization, retention, destruction, usage, and AI-related risks, including hallucination, bias, governance and other concerns. You will be a primary point of contact for supervisory regulatory interactions and collaborate with compliance, conduct and operational risk professionals covering other regions, lines of business, and corporate functions as well as engage with stakeholders in business, chief data office, legal, and control management stakeholders in EMEA to manage data, privacy, and AI risks to safeguard customer and employee data, ensure first line of defence compliance with applicable laws, rules, and regulations in EMEA, and operate the firm safely and soundly.

Job responsibilities

• Ensure oversight and challenge to the business’ compliance with GDPR and other laws and regulations relevant to data & AI risk across the EMEA region. Develop, implement, and maintain relevant data & AI risk management EMEA-specific policies and procedures as required
• Support regulatory engagements including queries, regular meetings and exams as required with regulatory bodies including the Information Commissioner's Office (ICO), FCA, and PRA in the UK and other relevant authorities in the EMEA region, including ECB
• Work directly with senior leaders in CCOR and the first line of defense to provide credible challenge to assessments of the risk and control environment, including issue identification and remediation and control effectiveness across data & AI risks
• Provide challenge to and engage with internal stakeholders, including CTC, Legal, and the LOB Privacy Champions and Chief Data and Analytics office in EMEA, to ensure data regulatory requirements are met
• Develop monitoring and testing activities, including working with technology CCOR teams to identify and assess data & AI risks and provide challenge to the business to implement measures to mitigate
• Conduct and/or oversee Data Protection Impact Assessments (DPIAs) for new projects and initiatives
• Execute compliance and operational risk assessments and challenge in line with the global CCOR oversight program and local regulatory obligations
• Ensure and challenge to the business’ compliance with regulations in the development and deployment of AI systems
• Develop monitoring and testing activities to identify and cause mitigation of operational risks including data risks associated with AI technologies
• Monitor the impact of new AI regulations across the EMEA region, oversee first line of defence implementation of such regulations, and update policies and procedures accordingly
• Report the results of CCOR data & AI risk management activities including challenges and monitoring and testing activities to senior managers and other stakeholders. Escalate emerging risks and issues and prepare and present relevant reports for senior leaders

Required qualifications, capabilities, and skills

1. Bachelor's degree in Law, Information Security, Business Administration, or a related field.
2. Substantial experience in data protection, privacy, compliance, or a related field, financial services industry
3. Strong analytical and problem-solving skills
4. Excellent communication and interpersonal skills, particularly in dealing with and influencing senior business stakeholders
5. Ability to work independently and manage multiple tasks simultaneously
6. Highly motivated, energetic self-starter who takes ownership
7. High ethical standards and integrity
8. Proactive and results-oriented mindset

Preferred qualifications, capabilities, and skills

• Experience within the financial services industry
• In-depth knowledge of GDPR and other relevant data risk laws in the EMEA region
• Proficiency in tools (Alteryx, Tableau, Excel)