As a Tech Risk & Controls Senior Associate in Enterprise Technology Information & Access Management, you will contribute to the successful management of technology-aligned aspects of Governance, Risk, and Compliance in line with the firm's standards. Leverage your broad knowledge in risk management principles and practices to assess and monitor risks and implement effective controls. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm’s risk posture. Through collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards.
Job responsibilities
- Understand and respond to Requests for Information (RFIs) for Identity Access Management audits and regulatory exams, performing final review of submitted evidence.
- Assist in coordinating teams and in collecting and reviewing current documentation, and act as an SME on the related high-level design documents for the controls executed by individual IAM teams, for delivery to Internal and External audit teams.
- Work across multiple stakeholder groups at various levels and efficiently document / track RFI engagement and actions.
- Partner with the Identity and Access Management global teams to understand SOC1 & SOX changes and their impacts to the control environment.
- Maintain ownership and up-to-date reporting of the audit/regulatory deliverables in scope.
- Identify and assist with implementing process improvement points throughout the Audit/Control team's RFI lifecycle – intake, workflow, reporting and tracking.
- Understand and proof documentation regarding complex business processes.
- Understand and evaluate product level CORE Processes, associated Risks and their compensating Controls.
- Create or edit a wide variety of user process documents, including operation process flows, PowerPoint training decks, and quick reference aids relating to functions within the Audit/Control Team specifically.
Required qualifications, capabilities, and skills
- 3+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk identification, assessment, and mitigation
- Strong understanding of IT risk management frameworks and information security controls
- Proficient in Identity Access Management controls, principles, and regulatory obligations
- Experience in infrastructure projects, operations systems, and data analytics
- Skilled in generating executive-level reports and presentations; comfortable presenting to auditors and senior leadership
- Excellent multitasking and prioritizing skills, capable of managing multiple complex projects simultaneously
- Strong oral and written communication skills, able to present audit information and findings effectively
- Detail-oriented and organized, with the ability to produce quality documentation under tight deadlines
- Motivated self-starter with a strong sense of urgency and genuine interest in continuous learning and growth
- Strong proficiency in MS Office Suite, including Excel, Word, Project, PowerPoint, Access, and Visio
- Ability to work independently with minimal supervision and effectively in a team-oriented environment
Preferred qualifications, capabilities, and skills
- CISM, CRISC, CISSP, or other industry-recognized risk certifications
- Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practice/standards (e.g., ITIL, NIST, ISO, PCI, SOC)
- Collaboration with internal and external technology audits (3rd Line of Defense), Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts