The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.

As a Technology Risk & Controls (TRC) Associate within the Cybersecurity and Technology Controls organisation, you will contribute to the successful management of technology-aligned aspects of Governance, Risk, and Compliance in line with the firm’s standards. You will collaborate with a broad range of stakeholders, leveraging your knowledge of risk management principles and practices to assess and monitor risks and implement effective controls. Your contributions will strengthen the firm’s risk posture, enhance operational resilience, and support regulatory compliance.

Job responsibilities

• Assess and monitor technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices
• Support implementation and evaluation of effective controls, identifying gaps and recommending improvements
• Demonstrate good analytical and problem-solving skills, with the ability to break down complex processes, analyze potential risks and present solutions to key stakeholders
• Communicate findings and contribute to recommendations for improvements, ensuring alignment with organisational objectives and risk appetite
• Conduct thorough root cause analysis and provide actionable insights to ensure issues are fully resolved and controls are sustainable
• Collaborate with business technologists, risk, and audit teams to manage risk and drive cross-functional solutions
• Provide risk reporting and governance insights to senior management to inform decision-making
• Promote a culture of risk awareness and adherence to best practices across the organisation

Required Qualifications, Capabilities, and Skills

• Experience in technology risk management, information security, or a related field, with emphasis on risk identification, assessment, mitigation, and control evaluation
• Proficient knowledge of risk management frameworks, regulations, and industry standards
• Knowledge of security controls, and vulnerability management in public cloud environments
• Excellent interpersonal and communication skills, including the ability to influence and engage stakeholders across levels
• Strong prioritisation and multitasking skills, with the ability to work independently and drive change in a dynamic environment
• Self-motivated with the ability to multi-task, prioritize and thrive in a fast-paced and evolving environment