Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

JPMorgan Tech Risk & Controls Lead 
United Kingdom, England, London 
392188602

18.12.2024

As a Technical Tech Risk & Controls Senior Associate in the Cyber Security Tech Controls (CTC) team, aligned with the Corporate Investment Banking division, you will be an integral part of a cyber risk management function. The team primarily focuses on a cross-asset platform that delivers innovative and efficient applications to various business units within the firm, including sales, trading, operations, risk and research.

You will contribute to the successful identification and management of technology-aligned aspects of Governance, Risk, and Compliance (GRC) in line with the firm's standards. Leveraging your broad knowledge in risk management principles and technical experience, you will identify assess and monitor risks and implement effective controls. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm’s risk posture. Through a deep technical aptitude, collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards.

Job responsibilities

  • Risk Assessment, Monitoring & Reporting: Assess, monitor & report technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices.
  • Control Implementation: Support the implementation of effective controls in collaboration with cross-functional teams and stakeholders.
  • Control Evaluation: Evaluate the effectiveness of existing controls, identify gaps, and recommend improvements to mitigate risks and enhance the firm's risk posture.
  • Risk Analysis and Mitigation: Analyze complex situations, provide advice on risk management strategies, and support the implementation of risk mitigation measures.
  • Documentation and Communication: Document and articulate risks appropriately; raise issues and action plans in CORE as appropriate in partnership with application partners.
  • Technical Assessments / Threat Identification: Working closely with application partners identify attack and threat vectors through threat modelling, discovery, vulnerability, and penetration testing.

Required qualifications, capabilities, and skills

  • Between 4-5 years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk identification, assessments, controls testing, and mitigation.
  • Experience in risk identification, assessment, and control evaluation, with a strong understanding of industry standards.
  • Demonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders.
  • Proficient knowledge of risk management frameworks, regulations, and industry best practices.
  • Good understanding of Software Development Life Cycle (SDLC) pipelines, CI/CD, application resiliency, and security, IAM, Data Protection and vulnerability management.
  • Software / Security engineering background in any modern programming languages and Cloud experience (ideally Amazon Web Services) due the systems and community we are actively working within.
  • Technical ability to gather and combine data from disparate sources to build a cohesive view on risk.
  • Ability to develop and maintain robust relationships becoming a trusted partner with LOB technologists to progress toward shared goals
  • Awareness of key risks in the financial services sector, particularly pertaining to on-prem and/or public cloud hosted infrastructure & applications.
  • Enthusiasm for enabling the business to create new governance and controls.

Preferred qualifications, capabilities, and skills

  • CISM, CRISC, CISSP, or other industry-recognized risk certifications.
  • Ability to think outside the box and proven experience in eliminating toil and crafting efficient processes.
  • Good understanding of coding in Python (or other modern languages) and/or proficiently to navigate/follow code.