Tech Risk and Controls Lead

J.P. Morgan
J.P. Morgan

London, UK

Posted on Jul 3, 2026

Out of the successful launch of Chase in 2021, we are on a mission to continue creating products that solve real world problems and put customers at the center—all in an environment that nurtures skills and helps you realize your potential. Our team is key to our success. We’re people-first. We value collaboration, curiosity and commitment.

As a Vice President at JPMorganChase within the Accelerator Business, you are the heart of this venture, focused on getting smart ideas into the hands of our customers. You have a curious mindset, thrive in collaborative squads, and are passionate about new technology. By your nature, you are also solution-oriented, commercially savvy and have a head for fintech. You thrive in working in tribes and squads that focus on specific products and projects – and depending on your strengths and interests, you'll have the opportunity to move between them.

While we’re looking for professional skills, culture is just as important to us. We understand that everyone's unique – and that diversity of thought, experience and background is what makes a good team, great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference – on us as a company, and on our clients and business partners around the world.

Job Responsibilities:

  • Coordinate and respond to auditor RFIs, interviews, and walkthroughs by triaging asks, assigning owners, quality-checking responses, and packaging audit-ready evidence.

  • Drive remediation of control gaps by translating findings into actionable engineering backlog items with clear acceptance criteria and target dates.

  • Review Technology Control Standards and associated requirements, and ensure control procedures and documentation remain current and aligned to firm expectations.

  • Execute onboarding and compliance checks for required firm tooling and telemetry by verifying coverage, correctness, and timely adoption for newly onboarded services.

  • Lead end-to-end delivery of custom control procedures by defining control intent, aligning stakeholders, implementing operational steps, and confirming.

  • Develop and track mitigation plans for residual risks by setting risk-reduction actions, owners, milestones, and governance checkpoints.

  • Run application oversight governance (AO Governance) by monitoring control posture, overdue findings, and control exceptions, and ensuring timely remediation.

  • Perform thematic analysis of control and audit findings to identify systemic risks and propose preventative controls, automation, or process improvements.

  • Produce risk reporting and executive-ready updates by consolidating metrics, summarizing key risks, and preparing materials for firmwide forums.

  • Support vulnerability management governance by monitoring overdue and near-due items, recommending mitigations, and converting remediation into prioritized engineering backlogs.

  • Define and track control health KPIs/KRIs by establishing reporting routines that demonstrate control effectiveness, sustainability, and risk reduction over time.

Required qualifications, capabilities and skills

  • Professional certifications such as Cloud Certifications, CISSP, CISM, or GIAC.

  • Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments.

  • Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.

  • Extensive experience in Technology with strong understanding of Operational Risk and Controls including Tech/Cyber Risk

  • Ability to work with data from disparate sources to build a cohesive view on risk

  • Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.

  • Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice/standards (e.g., ITIL, NIST, ISO, PCI, SOC)

  • Collaboration with internal and external technology audits (3rd Line of Defense), CCOR Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts


J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.

Control Management maintains a strong and consistent control environment through a joint accountability model that aligns managers with each function and region to mitigate operational risk. The team focuses on four areas: Control Design & Expertise, Risks & Controls Identification/Assessment, Issues & Control Deficiencies and Control Governance & Reporting.

-