Tech Risk and Controls Lead

About The Position

Requirements

• Formal training or certification with 5+ years of experience in cybersecurity controls architecture, security engineering, or operations leadership (various Cyber domains).
• Proficient in designing or governing technical control frameworks across hybrid environments (AWS, Azure, on‑premises).
• Professional certifications such as Cloud Certifications (AWS Solutions Architect, AWS Security Specialist), CISSP, CISM, or GIAC.
• Experience designing metrics and governance frameworks for Security Configuration Management, SOC, network security, or endpoint control domains.
• Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments.
• Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support technology risk and controls workflows with strong validation habits and awareness of data sensitivity.
• Ability to review and validate AI-assisted risk summaries and recommendations before use, escalating when uncertain and ensuring outcomes align to security, auditability, and regulatory expectations.

Responsibilities

• Lead the development of technical control objectives and standards for Security Configuration Management and other Cyber domains.
• Leverages enterprise-authorized AI capabilities within the work environment to accelerate cybersecurity architecture analysis and decisioning (e.g., risk identification and documentation), validating outputs and handling data according to sensitivity and security requirements.
• Define measurable performance and effectiveness metrics for each control category, integrating telemetry, automation, and operational metrics into governance dashboards.
• Uses enterprise-authorized AI capabilities within the work environment to accelerate synthesis of risk/control evidence and draft executive-ready reporting, validating outputs and handling data according to sensitivity and security requirements
• Promotes reuse-first, AI-assisted approaches to streamline recurring control testing and issue/action-plan management routines, ensuring human review and alignment to auditability and regulatory expectations
• Partner with security engineering and operations teams to evaluate control sufficiency against threat models, regulatory expectations, and internal policies.
• Govern control implementation and sustainment across hybrid ecosystems (cloud, data center, and user endpoint environments), ensuring consistent security posture.
• Assess and guide integration of firm wide configuration drift monitoring tools (Evolven, Puppet, Chef, Wiz etc…) with JPMC's GRC ecosystem to align with standardized control objectives.
• Provide strategic insight into the control posture to architecture and risk governance leadership, driving continuous improvement in control effectiveness and efficiency.
• Collaborate across architecture, operations, and GRC teams to ensure security configuration, network and endpoint controls align with enterprise configuration standards, policies, and frameworks.
• Drives reuse-first adoption of AI-assisted security validation within SDLC/toolchain routines, improving control testing and remediation quality with traceability/auditability and resiliency expectations.

Benefits

• comprehensive health care coverage
• on-site health and wellness centers
• a retirement savings plan
• backup childcare
• tuition reimbursement
• mental health support
• financial coaching