Join a role that's central to our technological controls and standards, offering a unique opportunity to shape the firm's tech controls strategy in alignment with various standards and regulatory requirements.

As a Tech Risk & Controls Lead at JPMorgan Chase within the Cybersecurity Technology and Controls, you will be responsible for the firm's control design, governance, standardization, and measurement across all the Cyber domains. Your primary focus will be leading and managing the Security Configuration Management domain. This role ensures that foundational and advanced controls across platform, network, endpoint and application security configuration are governed by clearly defined standards and measurable control objectives. This position blends deep technical understanding of controls and tooling with architectural oversight and governance rigor ensuring that the firm's operational controls are consistently engineered, validated, and improved across both cloud-native and on-premises environments.

Job responsibilities

• Lead the development of technical control objectives and standards for Security Configuration Management and other Cyber domains.
• Leverages enterprise-authorized AI capabilities within the work environment to accelerate cybersecurity architecture analysis and decisioning (e.g., risk identification and documentation), validating outputs and handling data according to sensitivity and security requirements.
• Define measurable performance and effectiveness metrics for each control category, integrating telemetry, automation, and operational metrics into governance dashboards.
• Uses enterprise-authorized AI capabilities within the work environment to accelerate synthesis of risk/control evidence and draft executive-ready reporting, validating outputs and handling data according to sensitivity and security requirements
• Promotes reuse-first, AI-assisted approaches to streamline recurring control testing and issue/action-plan management routines, ensuring human review and alignment to auditability and regulatory expectations
• Partner with security engineering and operations teams to evaluate control sufficiency against threat models, regulatory expectations, and internal policies.
• Govern control implementation and sustainment across hybrid ecosystems (cloud, data center, and user endpoint environments), ensuring consistent security posture.
• Assess and guide integration of firm wide configuration drift monitoring tools (Evolven, Puppet, Chef, Wiz etc...) with JPMC's GRC ecosystem to align with standardized control objectives.
• Provide strategic insight into the control posture to architecture and risk governance leadership, driving continuous improvement in control effectiveness and efficiency.
• Collaborate across architecture, operations, and GRC teams to ensure security configuration, network and endpoint controls align with enterprise configuration standards, policies, and frameworks.
• Drives reuse-first adoption of AI-assisted security validation within SDLC/toolchain routines, improving control testing and remediation quality with traceability/auditability and resiliency expectations.
• Formal training or certification with 5+ years of experience in cybersecurity controls architecture, security engineering, or operations leadership (various Cyber domains).
• Proficient in designing or governing technical control frameworks across hybrid environments (AWS, Azure, on-premises).

Required qualifications, capabilities, and skills

• Professional certifications such as Cloud Certifications (AWS Solutions Architect, AWS Security Specialist), CISSP, CISM, or GIAC.
• Experience designing metrics and governance frameworks for Security Configuration Management, SOC, network security, or endpoint control domains.
• Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments.
• Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support technology risk and controls workflows with strong validation habits and awareness of data sensitivity.
• Ability to review and validate AI-assisted risk summaries and recommendations before use, escalating when uncertain and ensuring outcomes align to security, auditability, and regulatory expectations.

#CTC

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans