Tech Risk and Controls Director
JPMorganChase
Join a role that's central to our technological controls and standards, offering a unique opportunity to shape the firm's tech controls strategy in alignment with various standards and regulatory requirements.
As a Tech Risk & Controls Director at JPMorgan Chase within the Cybersecurity Technology and Controls, you will be responsible for the firm’s control design, governance, standardization, and measurement across all the Cyber domains. Your primary focus will be leading and managing the Security Configuration Management domain. This role ensures that foundational and advanced controls across platform, network, endpoint and application security configuration are governed by clearly defined standards and measurable control objectives. This position blends deep technical understanding of controls and tooling with architectural oversight and governance rigor ensuring that the firm’s operational controls are consistently engineered, validated, and improved across both cloud‑native and on‑premises environments.
Job responsibilities
- Lead the development of technical control objectives and standards for Security Configuration Management and other Cyber domains.
- Define measurable performance and effectiveness metrics for each control category, integrating telemetry, automation, and operational metrics into governance dashboards.
- Partner with security engineering and operations teams to evaluate control sufficiency against threat models, regulatory expectations, and internal policies.
- Govern control implementation and sustainment across hybrid ecosystems (cloud, data center, and user endpoint environments), ensuring consistent security posture.
- Assess and guide integration of firm wide configuration drift monitoring tools (Evolven, Puppet, Chef, Wiz etc…) with JPMC's GRC ecosystem to align with standardized control objectives.
- Provide strategic insight into the control posture to architecture and risk governance leadership, driving continuous improvement in control effectiveness and efficiency.
- Collaborate across architecture, operations, and GRC teams to ensure security configuration, network and endpoint controls align with enterprise configuration standards, policies, and frameworks.
Required qualifications, capabilities, and skills
- Formal training or certification with 10+ years of experience in cybersecurity controls architecture, security engineering, or operations leadership (various Cyber domains).
- Proficient in designing or governing technical control frameworks across hybrid environments (AWS, Azure, on‑premises).
- Good knowledge of modern enterprise security toolsets and their control capabilities, including security configuration and drift management, network segmentation, endpoint protection, and detection/response.
- Hands on building and measuring technical control effectiveness through metrics, telemetry, and compliance automation.
- Exceptional communication and leadership skills with a track record of influencing technology strategy and control adoption at scale.
- Deep familiarity with NIST (800-53 and 800-128 are required), ISO, CIS, and zero‑trust control frameworks.
Preferred qualifications, capabilities, and skills
- Professional certifications such as Cloud Certifications (AWS Solutions Architect, AWS Security Specialist), CISSP, CISM, or GIAC.
- Experience designing metrics and governance frameworks for Security Configuration Management, SOC, network security, or endpoint control domains.
- Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments.
#CTC
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.
Lead the strategic design, development and governance of technology standards and controls across various Cybersecurity domains.