JPMorgan Tech Risk Assurance Lead-VP Software & Architecture Governance 

India, Telangana, Hyderabad 

475914398

As a Tech Risk Assurance Lead within the Cybersecurity and Technology Controls team, you will lead expert technical risk assurance and control oversight to ensure the firm's products and lines of business achieve their objectives while effectively managing risk. Utilizing your background in technology risk management, you will work with cross-functional teams to identify, assess, and mitigate emerging risks and vulnerabilities. Your tactical and strategic decision-making will significantly impact the firm's operations, financial management, and public image. You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls.

Job responsibilities

• Ensures SDLC and Architecture technology risk impacting the business is proactively identified, quantified, communicated, and managed, including recommendations for resolution, and identifying the root cause/key themes.
• Provides continuous support for the identification and maintenance of SDLC and Enterprise Architecture control objectives, relevant risk-based telemetry design and related assessments.
• Monitors control implementations and execution to ensure compliance with technology control requirements and escalate material risk.
• Supports requests from Regulatory, Audit and Compliance Engagements impacting the SDLC and Enterprise Architecture controls.
• Ensures the security of the Firm's various SDLC pipelines and adherence to “secure from the start” principles through strong risk leadership and collaboration with partners,
• Evaluates and ensure adequate coverage, and disposition of, regulatory changes relating to Software Development and Architecture Governance processes.
• Helps produce relevant content for governance forums to inform the business of changes to control requirements and their overall risk posture.

Required qualifications, capabilities, and skills

• 5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk assessment and control evaluation
• Demonstrable experience in integrating security into the SDLC, including threat modeling, secure code reviews and vulnerability management
• Proven track record in developing and implementing risk management frameworks and governance structures to mitigate security risks in software development and architecture.
• Ability to analyze complex security issues, identify root causes, and develop effective mitigation strategies, particularly in the context of emerging technologies.
• Knowledge on relevant regulatory requirements and industry standards (e.g., GDPR, CCPA, ISO 27001, NIST) and experience in ensuring compliance within the SDLC and architectural frameworks.
• Strong ability to communicate complex security concepts to technical and non-technical stakeholders, and to influence decision-making at all levels of the organization.
• Commitment to staying current with the latest security trends, emerging technologies, and threat landscapes, and the ability to adapt strategies accordingly.

Preferred qualifications, capabilities, and skills

• Advanced understanding of blockchain principles, smart contracts, and decentralized applications, with experience in assessing and mitigating security risks associated with blockchain implementations. Knowledge of AI/ML algorithms, adversarial machine learning, and security implications, with hands-on experience in securing AI/ML models and systems.
• Relevant certifications such as CISSP, CISM, CEH, or equivalent, and a degree in Computer Science, Information Security, or a related field. Advanced degrees (e.g., Master's) are a plus.