Technology Risk and Controls - Control Review and Governance Lead
Company: JPMorganChase
Location: Columbus
Posted on: April 1, 2026
|
|
|
Job Description:
Description Join our team to play a pivotal role in mitigating
tech risks and upholding operational excellence, driving innovation
in risk management. As the Infrastructure Platforms Control
Oversight Lead at JPMorgan Chase, you lead the end-to-end workflow
for reviewing and governing changes to control procedures and
control objectives in the Archer catalog, acting as the voice of
the customer while embedding robust governance, risk, and
compliance. You will develop an intake, impact assessment,
approval, and implementation tracking for catalog changes—ensuring
Infrastructure Platform owned controls remain resilient, scalable,
and aligned to firm, legal, and industry standards. You will also
communicate changes to other control objectives and procedures to
Infrastructure Platforms and gather feedback. By providing a
consolidated view of technology risk posture and full traceability
of control decisions, you drive continuous improvement through
feedback and control testing and deliver top-tier stakeholder
experiences from launch through iteration. You will also perform
various QA reviews, risk governance and oversight and control and
issue testing. Job responsibilities Own the Infrastructure
Platforms control review vision, roadmap, and backlog for Archer
catalog changes, from intake through approval and implementation
tracking. Build and operate a governance process to ensure
appropriate reviews, feedback, and sign-offs for control procedure
and control objective changes and their impact to Infrastructure
Platforms. Ensure effective identification, quantification,
communication, and management of technology risk, with emphasis on
root-cause analysis and actionable remediation recommendations.
Partner with Product Security, 2LOD, Audit, and Infrastructure
Platform leaders to validate control design and operating
effectiveness and to align with firm, legal, regulatory, and
industry standards. Execute reporting and governance of controls,
policies, issues, and metrics; provide senior management insights
on control effectiveness and risk posture. Perform control
assessments, QA reviews, issue closure testing, and oversight of
remediation plans to verify sustained control performance.
Establish KRIs/KPIs (e.g., review cycle time, defect rate, control
test pass rates) and SLAs/SLOs to drive resiliency, scalability,
and stability in the control review process. Create transparent
traceability for catalog changes, including impact assessments,
decisions, evidence, and audit-ready artifacts. Lead continuous
improvement by analyzing feedback and testing results to streamline
workflows, reduce risk, and enhance stakeholder experience.
Communicate changes to control objectives and procedures to
Infrastructure Platforms and coordinate adoption, training, and
feedback loops. Required qualifications, capabilities, and skills 5
years of experience (or equivalent expertise) in technology risk
management, information security, or related fields with a focus on
risk identification, assessment, and mitigation. In-depth knowledge
of financial regulations and compliance requirements related to
cybersecurity (e.g., GDPR, PCI DSS, SOX, FFIEC). Understanding of
national/international laws, regulations, policies, and ethics
related to financial industry cybersecurity. Proficient in data
security, risk assessment and reporting, control
evaluation/design/governance, with a proven track record of
implementing effective risk mitigation strategies. Demonstrated
ability to influence executive-level decision-making and translate
technology insights into business strategies for senior leaders.
Working knowledge of infrastructure platforms (compute, storage,
network, middleware) and cloud architectures and their control
requirements. Experience designing, testing, and evidencing
controls aligned to recognized frameworks (e.g., NIST CSF, ISO
27001, CIS Controls, SOC 2). Fluency in Agile product management
practices, including backlog management, user story creation,
acceptance criteria, and iterative delivery. Ability to build
dashboards/metrics that convey control effectiveness, cycle time,
and risk posture to stakeholders. Demonstrated ability to influence
executive-level strategic decision-making and translating
technology insights into business strategies for senior executives.
Preferred qualifications, capabilities, and skills AI prompt
engineering experience to enhance stakeholder engagement,
documentation quality, and process efficiency. CISM, CRISC, CISSP,
CISA, or similar industry-recognized certifications preferred.
Hands-on experience with security testing, simulations, or tabletop
exercises. Familiarity with coding or scripting, data analytics,
cybersecurity controls, cloud control design, and/or distributed
technologies. Advanced knowledge of the product development life
cycle, service design, and data analytics. Experience automating
control evidence collection and testing (e.g., via APIs or scripts)
to improve control reliability and repeatability. Strong data
visualization and communication skills to convey complex risk and
control information clearly.
Keywords: JPMorganChase, Hamilton , Technology Risk and Controls - Control Review and Governance Lead, IT / Software / Systems , Columbus, Ohio
