As an Identity and Access Management (IAM) Technology Operational Risk Management Executive Director within the Compliance Conduct and Operational Risk Technology & Cybersecurity (CCOR Tech & Cyber) group, you will focus on providing independent oversight of IAM-related operational risk management practices across Lines of Business (LOBs), Regions, and Corporate Functions (CFs). Your role will involve ensuring compliance with technology and cybersecurity laws, rules, and regulations specifically related to identity and access management. You will be responsible for reviewing and assessing the governance of IAM processes and controls, identifying risks inherent in JPMorgan Chase's technology environment, and ensuring that access to systems and data is appropriately managed and secured. This includes evaluating the effectiveness of IAM frameworks, policies, and procedures, and ensuring that they align with industry best practices and regulatory requirements.
Job responsibilities
- Conduct in-depth inspections of IAM technologies within processes or firm-wide for compliance and effectiveness.
- Stay informed on IAM enforcement actions, regulatory changes, and emerging solutions for compliance.
- Respond to regulatory inquiries on IAM, providing documentation and insights to demonstrate compliance.
- Engage with cybersecurity teams to align IAM practices with the control environment.
- Review significant events where IAM is a factor to derive lessons learned and improve processes.
- Assess IAM-related technology risks and coordinate with application risk assessments.
- Evaluate IAM security risks in third-party relationships, focusing on technology expertise.
- Develop risk positions for new technologies, escalating and tracking risk items as necessary.
- Identify global risk concentrations, assess risks, and recommend control adjustments.
- Analyze Operational Risk losses and events to inform RCSA results and technology assessments.
- Participate in IAM governance forums to provide insights and drive strategic risk management initiatives.
Required qualifications, capabilities and skills
- BS or BA degree in computer science, or equivalent experience.
- 10+ years in IAM cybersecurity or engineering roles.
- Deep understanding of IAM, PAM, and RBAC.
- Familiarity with MFA, SSO, and zero trust architecture.
- Knowledge of cloud security and hybrid IAM implementations (Azure, AWS, GCP).
- Ability to assess and remediate IAM vulnerabilities and access control weaknesses.
- Hands-on experience with IAM tools like SailPoint, Okta, CyberArk, Microsoft Entra ID, and Ping Identity.
- Experience managing and securing Microsoft Active Directory (AD) and Azure AD (Entra ID).
Preferred qualifications, capabilities and skills
- Expertise in GPO, Kerberos authentication, NTLM, and LDAP.
- Implementation of least privilege access, PAM, and administrative tiering in AD.
- Experience with ADFS, conditional access policies, and identity federation.
- Understanding of AD-related security threats and familiarity with Microsoft Defender for Identity and Azure AD Identity Protection.