Out of the successful launch of Chase in 2021, we are on a mission to continue creating products that solve real world problems and put customers at the center—all in an environment that nurtures skills and helps you realize your potential. Our team is key to our success. We’re people-first. We value collaboration, curiosity and commitment.
As a Vice President at JPMorganChase within the Accelerator Business, you are the heart of this venture, focused on getting smart ideas into the hands of our customers. You have a curious mindset, thrive in collaborative squads, and are passionate about new technology. By your nature, you are also solution-oriented, commercially savvy and have a head for fintech. You thrive working in tribes and squads that focus on specific products and projects – and depending on your strengths and interests, you'll have the opportunity to move between them.
While we’re looking for professional skills, culture is just as important to us. We understand that everyone's unique – and that diversity of thought, experience and background is what makes a good team great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference – on us as a company, and on our clients and business partners around the world.
Job Responsibilities:
Coordinate and respond to auditor RFIs, interviews, and walkthroughs by triaging asks, assigning owners, quality-checking responses, and packaging audit-ready evidence.
Drive remediation of control gaps by translating findings into actionable engineering backlog items with clear acceptance criteria and target dates.
Review Technology Control Standards and associated requirements, and ensure control procedures and documentation remain current and aligned to firm expectations.
Execute onboarding and compliance checks for required firm tooling and telemetry by verifying coverage, correctness, and timely adoption for newly onboarded services.
Lead end-to-end delivery of custom control procedures by defining control intent, aligning stakeholders, implementing operational steps, and confirming.
Develop and track mitigation plans for residual risks by setting risk-reduction actions, owners, milestones, and governance checkpoints.
Run application oversight governance (AO Governance) by monitoring control posture, overdue findings, and control exceptions, and ensuring timely remediation.
Perform thematic analysis of control and audit findings to identify systemic risks and propose preventative controls, automation, or process improvements.
Produce risk reporting and executive-ready updates by consolidating metrics, summarizing key risks, and preparing materials for firmwide forums.
Support vulnerability management governance by monitoring overdue and near-due items, recommending mitigations, and converting remediation into prioritized engineering backlogs.
Define and track control health KPIs/KRIs by establishing reporting routines that demonstrate control effectiveness, sustainability, and risk reduction over time.
Required qualifications, capabilities and skills:
Professional certifications such as Cloud Certifications, CISSP, CISM, or GIAC.
Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments.
Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.
Extensive experience in Technology with a strong understanding of Operational Risk and Controls, including Tech/Cyber Risk.
Ability to work with data from disparate sources to build a cohesive view of risk.
Strong written and verbal communication skills, with the ability to effectively communicate and present security risk concepts to business and technology partners.
Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practices/standards (e.g., ITIL, NIST, ISO, PCI, SOC).
Collaboration with internal and external technology audits (3rd Line of Defense), CCOR Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts.