Technology Risk and Controls Lead (Cybersecurity Governance)

Are you ready to make a real impact in digital banking? Join our innovative team at JPMorgan Chase as we launch Chase Germany and revolutionize mobile banking. You’ll be part of a diverse, collaborative environment where your ideas and expertise drive meaningful change. We offer unparalleled opportunities for career growth, skill development, and the chance to work with cutting-edge technology. Your contributions will help build the bank of the future and deliver exceptional experiences to millions of customers.

As a Technology Risk & Controls Lead in the Cybersecurity & Technology Controls team, you will analyze, consolidate, and support the production of reports on trends and metrics for a range of audiences, including management and external regulators. You will articulate cyber and technology risks, working closely with technical and non-technical control owners to drive actionable remediation. In this role, you will collaborate with stakeholders in a dynamic technical environment, helping to shape the future of digital banking in Germany. You will have the opportunity to grow your expertise and make a significant impact on our team and customers.

Job responsibilities

• Lead and mature cyber risk management activities across consumer banking products, providing thought leadership and guidance.
• Ensure technology risk is identified, quantified, communicated, and managed, including root cause analysis and recommendations.
• Develop, monitor, and report on cybersecurity KPIs and KRIs to enhance technology control effectiveness.
• Support and review technology controls against requirements, policy statements, and regulatory standards.
• Analyze and report on compliance at the LoB, firmwide, and regulatory levels.
• Build and maintain strong relationships with stakeholders, technology teams, and corporate functions.
• Facilitate oversight and business-as-usual risk activities.
• Deliver effective reporting on technology control performance.
• Collaborate with cross-functional teams to drive continuous improvement.

• Communicate complex technology and security risks to non-technical audiences.

  Required qualifications, capabilities, and skills

• Bachelor’s degree or equivalent combination of education and relevant experience.
• Relevant work experience in IT and cybersecurity controls.
• Experience with IT risk management operating models and three lines-of-defense frameworks.
• Advanced knowledge of information security domains, including risk and control assessments, access controls, regulatory compliance, technology resiliency, incident management, vulnerability management, third-party risk management, and data protection.
• Basic knowledge in Cloud security.
• Strong analytical skills and ability to deliver measurement and reporting for continuous improvement.
• Excellent communication skills and ability to collaborate with diverse teams.

• Self-motivated with a desire to learn and operate on multiple tasks while maintaining high delivery standards.

  Preferred qualifications, capabilities, and skills

• Certifications in CISA, CISM, CRISC, CISSP, CCSP, AWS, GCP, or similar.
• Expertise in banking regulations, EBA Guidelines on ICT and Security Risk Management, DORA, ISO27001, and NIST frameworks.

#CTC