Technology Risk and Controls - Control Review and Governance Lead
- JP Morgan
- Columbus, Ohio
- Full Time
Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.
As the Infrastructure Platforms Control Oversight Lead at JPMorgan Chase, you lead the end-to-end workflow for reviewing and governing changes to control procedures and control objectives in the Archer catalog, acting as the voice of the customer while embedding robust governance, risk, and compliance. You will develop intake, impact assessment, approval, and implementation tracking for catalog changes, ensuring Infrastructure Platform-owned controls remain resilient, scalable, and aligned to firm, legal, and industry standards. You will also communicate changes to other control objectives and procedures to Infrastructure Platforms and gather feedback. By providing a consolidated view of technology risk posture and full traceability of control decisions, you drive continuous improvement through feedback and control testing and deliver top-tier stakeholder experiences from launch through iteration. You will also perform various QA reviews, risk governance and oversight, and control and issue testing.
Job responsibilities
- Own the Infrastructure Platforms control review vision, roadmap, and backlog for Archer catalog changes, from intake through approval and implementation tracking.
- Build and operate a governance process to ensure appropriate reviews, feedback, and sign-offs for control procedure and control objective changes and their impact to Infrastructure Platforms.
- Ensure effective identification, quantification, communication, and management of technology risk, with emphasis on root-cause analysis and actionable remediation recommendations.
- Partner with Product Security, 2LOD, Audit, and Infrastructure Platform leaders to validate control design and operating effectiveness and to align with firm, legal, regulatory, and industry standards.
- Execute reporting and governance of controls, policies, issues, and metrics; provide senior management insights on control effectiveness and risk posture.
- Perform control assessments, QA reviews, issue closure testing, and oversight of remediation plans to verify sustained control performance.
- Establish KRIs/KPIs (e.g., review cycle time, defect rate, control test pass rates) and SLAs/SLOs to drive resiliency, scalability, and stability in the control review process.
- Create transparent traceability for catalog changes, including impact assessments, decisions, evidence, and audit-ready artifacts.
- Lead continuous improvement by analyzing feedback and testing results to streamline workflows, reduce risk, and enhance stakeholder experience.
- Communicate changes to control objectives and procedures to Infrastructure Platforms and coordinate adoption, training, and feedback loops.
Required qualifications, capabilities, and skills
- 5+ years of experience (or equivalent expertise) in technology risk management, information security, or related fields with a focus on risk identification, assessment, and mitigation.
- In-depth knowledge of financial regulations and compliance requirements related to cybersecurity (e.g., GDPR, PCI DSS, SOX, FFIEC).
- Understanding of national/international laws, regulations, policies, and ethics related to financial industry cybersecurity.
- Proficient in data security, risk assessment and reporting, control evaluation/design/governance, with a proven track record of implementing effective risk mitigation strategies.
- Demonstrated ability to influence executive-level decision-making and translate technology insights into business strategies for senior leaders.
- Working knowledge of infrastructure platforms (compute, storage, network, middleware) and cloud architectures and their control requirements.
- Experience designing, testing, and evidencing controls aligned to recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls, SOC 2).
- Fluency in Agile product management practices, including backlog management, user story creation, acceptance criteria, and iterative delivery.
- Ability to build dashboards/metrics that convey control effectiveness, cycle time, and risk posture to stakeholders.
- Demonstrated ability to influence executive-level strategic decision-making and translate technology insights into business strategies for senior executives.
Preferred qualifications, capabilities, and skills
- AI prompt engineering experience to enhance stakeholder engagement, documentation quality, and process efficiency.
- CISM, CRISC, CISSP, CISA, or similar industry-recognized certifications preferred.
- Hands-on experience with security testing, simulations, or tabletop exercises.
- Familiarity with coding or scripting, data analytics, cybersecurity controls, cloud control design, and/or distributed technologies.
- Advanced knowledge of the product development life cycle, service design, and data analytics.
- Experience automating control evidence collection and testing (e.g., via APIs or scripts) to improve control reliability and repeatability.
- Strong data visualization and communication skills to convey complex risk and control information clearly.