JPMorgan Chase & Co.
Technology Risk & Controls Lead - Infrastructure
JPMorgan Chase & Co., Houston, Texas, United States, 77246
Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.
As a Tech Risk & Controls Lead in the Infrastructure Platforms organization, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firm's standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.
Job responsibilities
Identifies, assesses, and prioritizes technology, cyber, and operational risks across infrastructure platforms, including virtualized environments, hosted services, vendor relationships, third party integrations, and managed data center space
Provides expert guidance to engineering, supply chain, and IPI teams on risk remediation strategies, leveraging advanced Unix/Linux system administration, vulnerability management, and automation skills
Will advise on risk controls for hardware/software lifecycle management, including break-fix, maintenance, and exception handling
Facilitates investigations into security incidents, configuration drift, and operational failures
Performs root cause analysis and drive sustainable remediation and control improvements
Designs, implements, and tests controls to ensure compliance with firm policies, regulatory requirements, and industry standards
Oversees governance of technology asset management, onboarding, and exception processes
Will advise on secure onboarding, configuration, and testing of new hardware/software, ensuring compliance with Technology Asset Governance (TAG) and Technology Product Catalog (TPC)
Will advise on capacity planning, performance testing, and infrastructure optimization to mitigate risks related to resource utilization and operational stability
Champions the use of automation tools for risk monitoring, reporting, and control enforcement. Identify opportunities to streamline workflows and enhance operational efficiency
Required qualifications, capabilities, and skills
5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation
Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives
Demonstrated expertise in vulnerability management, incident response, and root cause analysis for hardware, software, and firmware
Understanding of technology asset governance, onboarding, and compliance processes in large-scale data center and cloud environments
Proven ability to design, implement, and test controls for regulatory compliance and operational excellence
Strong analytical, problem-solving, and communication skills, with the ability to translate technical risk insights into business strategies for senior executives
Experience supporting cross‑functional teams
Familiarity with risk reporting tools, automation, and dashboarding for risk metrics
Preferred qualifications, capabilities, and skills
CISM, CRISC, CISSP, or similar industry‑recognized risk and risk certifications are preferred
Experience with performance testing, patch/firmware certification, and troubleshooting in complex infrastructure environments
Experience in process optimization and workflow automation for risk and control functions
Hands‑on experience with virtualization platforms, network fabrics, and automation/configuration management tools (e.g., Ansible, Puppet, Chef)
Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements
#J-18808-Ljbffr
As a Tech Risk & Controls Lead in the Infrastructure Platforms organization, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firm's standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.
Job responsibilities
Identifies, assesses, and prioritizes technology, cyber, and operational risks across infrastructure platforms, including virtualized environments, hosted services, vendor relationships, third party integrations, and managed data center space
Provides expert guidance to engineering, supply chain, and IPI teams on risk remediation strategies, leveraging advanced Unix/Linux system administration, vulnerability management, and automation skills
Will advise on risk controls for hardware/software lifecycle management, including break-fix, maintenance, and exception handling
Facilitates investigations into security incidents, configuration drift, and operational failures
Performs root cause analysis and drive sustainable remediation and control improvements
Designs, implements, and tests controls to ensure compliance with firm policies, regulatory requirements, and industry standards
Oversees governance of technology asset management, onboarding, and exception processes
Will advise on secure onboarding, configuration, and testing of new hardware/software, ensuring compliance with Technology Asset Governance (TAG) and Technology Product Catalog (TPC)
Will advise on capacity planning, performance testing, and infrastructure optimization to mitigate risks related to resource utilization and operational stability
Champions the use of automation tools for risk monitoring, reporting, and control enforcement. Identify opportunities to streamline workflows and enhance operational efficiency
Required qualifications, capabilities, and skills
5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation
Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives
Demonstrated expertise in vulnerability management, incident response, and root cause analysis for hardware, software, and firmware
Understanding of technology asset governance, onboarding, and compliance processes in large-scale data center and cloud environments
Proven ability to design, implement, and test controls for regulatory compliance and operational excellence
Strong analytical, problem-solving, and communication skills, with the ability to translate technical risk insights into business strategies for senior executives
Experience supporting cross‑functional teams
Familiarity with risk reporting tools, automation, and dashboarding for risk metrics
Preferred qualifications, capabilities, and skills
CISM, CRISC, CISSP, or similar industry‑recognized risk and risk certifications are preferred
Experience with performance testing, patch/firmware certification, and troubleshooting in complex infrastructure environments
Experience in process optimization and workflow automation for risk and control functions
Hands‑on experience with virtualization platforms, network fabrics, and automation/configuration management tools (e.g., Ansible, Puppet, Chef)
Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements
#J-18808-Ljbffr