Technology Risk and Controls Lead | SOC1 / SOC2

Job Description
Our Information Security Management (ISM) professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets.
This ISM - SOC Attestation Management role calls for a strong manager with experience leading the execution of global controls attestation engagements (SOC1, SOC2, ISAE 3402, AT-C 205), driving readiness and remediation of potential issues to promote successful audit outcomes. These attest reports are delivered to thousands of the firm's corporate clients and key regulators of the firm. Successful execution of responsibilities requires a candidate who has a strong client service orientation, is highly organized and demonstrates strong issue identification, problem solving, collaboration and communication skills, including ability to interact with senior management, external auditors and operate across multiple lines of business and corporate teams.
Key Skills / Qualifications

• Minimum of two years of experience as Consulting firm practitioner ("Big Four" experience a definite plus), performing IT Controls attestation audits, including experience leading planning and execution of SOC and/or SOX audits
• 6+ years' experience dedicated to planning and leading execution of controls attestation engagements
• Exceptional issue management and exceptions analysis skills
• Solid knowledge of auditing of IT general computer controls and application controls
• Strong program management and problem solving skills, with proven ability to deliver quality results in a deadline-driven environment
• Confidence and self-assurance in interactions with external auditors and ability to reach across the firm to engage appropriate management, set agendas, lead calls with senior management and drive actions to meet program objectives
• Excellent verbal communications, written communications
• Must be a detail oriented, quality-focused manager; with strong documentation and reporting skills
• Excellent interpersonal skills, collaborative mindset; ability to develop strong relationships with stakeholders
• Ability to work effectively in a global team environment and drive results in a matrixed organization
• Strong sense of ownership, commitment to quality and attention to detail
• Intellectual rigor, emotional intelligence, high energy and a passion for the delivery of high quality project outcomes

Responsibilities include:
Coordination with key stakeholders -- including external and internal auditors, technology and operations management, control owners, lines of business, various risk functions, operations and program governance teams to:

• Obtain early visibility into potential changes to program scope, facilitating readiness
• Lead proactive readiness- assessments (platforms, tools, applications) to ensure controls are suitably designed and placed in operation, and that appropriate governance is in place to avoid impacts to external audits
• Oversee remedial workstreams, assessing effectiveness of proposed solutions and driving timely and effective solutions to control issues potentially impactful to programs
• Identify and lead x-LOB teams in identifying appropriate response to external auditors with respect to potential and confirmed control exceptions, including identification of relevant compensating controls for deficiencies
• New Reports: Partner with internal business owners, O&C and external auditors to meet client and/or regulatory requirements; taking the lead in report development and readiness.
• Ensure quality standards are achieved in development and maintenance of program documentation
• Communication to key stakeholders to ensure a no surprises environment, and facilitate development, maintenance and delivery of consistent and meaningful reporting and metrics
• Timely reporting on program status to senior management stakeholders
• Develop educational / guidance resources for use by Technology Risk & Controls and Technology personnel
• People leadership, including performance management and development

About Us
JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
About the Team
The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.