Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance. 

As a Tech Risk & Controls Director within Consumer & Community Banking Technology & Risk Controls team, you will help shape and implement the firm’s technology risk management strategy and strengthen industry compliance. You will run the operating cadence for audit engagement and issue management across assigned technology portfolios, partnering closely with technology leaders, Product/Engineering teams, and control partners.

You will provide centralized governance across the audit lifecycle (internal, external, and regulatory engagements as applicable), ensuring clear accountability for deliverables and translating audit outcomes into sustainable control enhancements. You will also oversee the issue management lifecycle end-to-end—from identification and articulation through remediation and validation—ensuring issues are owned, appropriately risk-rated, and closed on time with durable fixes.

This role is designed for a risk and controls leader who can operate credibly with senior technology executives and translate complex technical matters into concise, decision-ready risk narratives that improve audit readiness, execution quality, and regulatory hygiene.

• Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards, regulatory requirements, and industry best practices
• Own the audit engagement framework for assigned portfolios, ensuring audits are managed proactively and consistently from initiation through closure, with clear ownership and high-quality deliverables
• Oversee the full issue management lifecycle impacting CCB Technology, ensuring issues are identified early, written clearly, governed through closure, and validated with durable remediation
• Sets reuse-first expectations for enterprise-authorized AI adoption within the work environment across technology risk and controls operations to accelerate evidence synthesis, issue analysis, and executive reporting, with human-in-the-loop validation and appropriate handling of sensitive data
• Establish expectations for issue quality, including problem statements, root cause articulation, impact and risk relevance, control mapping, scope clarity, and appropriately defined corrective and preventative actions
• Identify and escalate emerging and upstream technology risks using firm management framework tools (e.g., risk event management, reporting, action plan tracking) and provide expert counsel to stakeholders regarding security obligations and acceptable outcomes
• Build and maintain strong relationships with internal and external stakeholders, including cross-functional leads, regulators, and auditors, to support compliance with legal, regulatory, and industry standards
• Define and run governance routines to manage audits and issues at scale, including portfolio-level operating reviews and senior leader updates; establish transparent metrics and executive reporting as a single source of truth for audit status, requests, issue inventory, remediation progress, and themes
• Drive timely escalation of material risks (e.g., late deliverables, weak evidence, unclear ownership, remediation slippage) and translate execution detail into decision-ready narratives that enable leadership action
• Design and implement standard playbooks, templates, workflows, and tooling improvements to streamline audit engagement and issue management; reduce duplication, improve consistency, and increase audit readiness while reducing the cost of control
• Establishes governance standards for AI-assisted workflows used in risk reporting and issue/action-plan management, ensuring traceability/auditability and alignment to security, resiliency, and regulatory expectations

• Substantial experience leading audit engagement management, issue remediation governance, and/or technology risk & controls execution within a large, regulated financial institution or similarly complex environment

• Demonstrated expertise in technology controls, audit practices, and issue management disciplines, including translating technical detail into clear, risk-relevant narratives for senior stakeholders

   

• 7+ years of experience (or equivalent expertise) in technology risk management, information security, or a related field, focused on risk identification, assessment, and mitigation
• Demonstrated expertise in risk management frameworks, industry standards, and regulatory requirements relevant to the financial industry
• Demonstrated experience leading safe adoption of enterprise-authorized AI capabilities within the work environment within technology risk and controls workflows, including validation practices and awareness of data sensitivity
• Ability to define review/approval and escalation expectations for AI-assisted recommendations while maintaining security, auditability, and regulatory compliance outcome
• Establish feedback loops and retrospectives to continuously improve the operating model based on lessons learned from audits, validations, and stakeholder feedback
• Proven ability to lead large teams, manage cross-functional projects, influence executive-level decision-making, and translate technology insights to business strategy for senior executives
• Advanced knowledge and experience in data security, risk assessment & reporting, and control evaluation/design/governance, with a track record of implementing effective risk mitigation strategies

• Experience with JPMorganChase technology control frameworks, audit engagement models, and issue governance practices; familiarity with common audit and regulatory expectations impacting large-scale technology organizations
• Executive presence and sound judgment, balancing strong partnership with adherence to firm standards; credibility across technology and control communities
• Outcome-driven and structured approach: ability to simplify complexity into clear priorities, repeatable cadences, and measurable deliverables; precise written and verbal communication suitable for senior leader and governance forums