Tech Risk and Controls Director

About The Position

Requirements

• Formal training or certification with 10+ years of experience in cybersecurity controls architecture, security engineering, or operations leadership (various Cyber domains).
• Proficient in designing or governing technical control frameworks across hybrid environments (AWS, Azure, on‑premises).
• Good knowledge of modern enterprise security toolsets and their control capabilities, including security configuration and drift management, network segmentation, endpoint protection, and detection/response.
• Hands on building and measuring technical control effectiveness through metrics, telemetry, and compliance automation.
• Exceptional communication and leadership skills with a track record of influencing technology strategy and control adoption at scale.
• Deep familiarity with NIST (800-53 and 800-128 are required), ISO, CIS, and zero‑trust control frameworks.

Nice To Haves

• Professional certifications such as Cloud Certifications (AWS Solutions Architect, AWS Security Specialist), CISSP, CISM, or GIAC.
• Experience designing metrics and governance frameworks for Security Configuration Management, SOC, network security, or endpoint control domains.
• Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments.

Responsibilities

• Lead the development of technical control objectives and standards for Security Configuration Management and other Cyber domains.
• Define measurable performance and effectiveness metrics for each control category, integrating telemetry, automation, and operational metrics into governance dashboards.
• Partner with security engineering and operations teams to evaluate control sufficiency against threat models, regulatory expectations, and internal policies.
• Govern control implementation and sustainment across hybrid ecosystems (cloud, data center, and user endpoint environments), ensuring consistent security posture.
• Assess and guide integration of firm wide configuration drift monitoring tools (Evolven, Puppet, Chef, Wiz etc…) with JPMC's GRC ecosystem to align with standardized control objectives.
• Provide strategic insight into the control posture to architecture and risk governance leadership, driving continuous improvement in control effectiveness and efficiency.
• Collaborate across architecture, operations, and GRC teams to ensure security configuration, network and endpoint controls align with enterprise configuration standards, policies, and frameworks.

Benefits

• We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location.
• Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions.
• We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more.