Technology Risk & Control – Control Assessments and Audits

About the Role

We are seeking an experienced Technology Risk & Controls professional to support control assessments, audits, and regulatory activities within a complex, enterprise‑scale technology environment. This role plays a critical part in strengthening the technology control framework, ensuring regulatory compliance, and partnering with technology teams to mitigate risk across the product technology organization.

Key Responsibilities

Controls & Risk Management

• Partner with Risk and Control leads to execute and sustain a robust technology controls framework.
• Support end‑to‑end control activities, including:
  • Technology risk assessments
  • Control design and effectiveness testing
  • Evidence collection and validation
  • Identification of control gaps and issues
  • Development, tracking, and closure of remediation action plans

Process & Control Enhancement

• Collaborate with Technology and Operations subject matter experts to design, enhance, and document processes, policies, procedures, and control programs.
• Remediate gaps identified through annual assessments, audits, or business‑as‑usual initiatives.

Audit & Regulatory Engagement

• Serve as the primary technology point of contact for internal audits, external audits, and regulatory examinations.
• Coordinate with first, second, and third lines of defence to gather, track, and submit accurate artefacts and evidence.
• Prepare, review, and maintain high‑quality regulatory responses in line with firm and regulatory standards.
• Maintain audit and examination tracking, providing timely and accurate status reporting to stakeholders.

Regulatory & Standards Awareness

• Monitor regulatory developments and assess their impact on the technology control environment.
• Build and maintain a strong understanding of JPM technology control standards and compliance expectations.

Required Experience & Skills

• 10+ years of experience in Technology Risk, Controls, Information Security, or Audit
• Strong understanding of:
  • SDLC, CI/CD pipelines, APIs
  • Cloud platforms (AWS preferred)
  • DevOps and Agile delivery models
• Working knowledge of industry frameworks and standards such as NIST, ISO, SOC
• Proven experience supporting technology audits and regulatory examinations
• Strong written communication, documentation, and stakeholder management skills
• Hands‑on experience with JIRA, Confluence, SharePoint

Preferred Certifications

• CISA, CRISC, CISSP
• AWS or equivalent cloud certifications