Tech Risk & Controls Senior Associate - Regulatory, Industry Risk, and Threat Modeling

Join our team to innovate in risk mitigation, leveraging your skills in a fast-paced, impactful environment.

Job Summary

As a Tech Risk & Controls Associate in Cybersecurity & Tech Controls team, you will be a part of a team that supports the implementation of risk mitigation strategies, controls and action plans for the firm. Working closely with the technology risk teams and cross-functional partners, you contribute your skills and insights to the continuous improvement of risk management methods. As a valued member of the team, you will have the opportunity to learn and grow in a dynamic and fast-paced environment, making a tangible impact on technology risk and controls at the firm.

We are seeking a Regulatory and Industry Risk Assessor with a background in audit, regulatory and industry risk assessments, and threat modeling to join our growing Technology Risk and Controls organization. This role will serve as the assessor, supporting the firm’s continuous compliance with key regulatory frameworks, including SOX, PCI, Swift, HKMA CRAF, and other industry standards.

Job responsibilities

• Facilitate the execution of assessments to ensure they align with organizational goals, risk tolerance, and regulatory standards.
• Govern and track issues from assessments, ensuring timely resolution and closure of control deficiencies.
• Monitor technology risks to ensure adherence to company standards, regulatory mandates, and industry best practices.
• Collaborate with cross-functional teams to implement effective controls.
• Analyze complex scenarios, advise on risk management strategies, and support risk mitigation efforts.
• Develop threat modeling processes to identify and prioritize potential threats to the organization's technology infrastructure.
• Work with stakeholders to integrate threat modeling into the risk management framework, ensuring alignment with governance and compliance goals.

Required qualifications, capabilities, and skills

• Formal training or certification on Tech Risk & Controls concepts and 2+ years applied experience
• Experience in identifying, assessing, and evaluating risk controls, with a solid grasp of industry standards.
• Proven capability to analyze intricate issues, devise and execute risk mitigation strategies, and communicate efficiently with senior stakeholders.
• Well-versed in risk management frameworks, regulations, and industry best practices.
• Experienced in threat modeling, with the ability to identify and evaluate potential threats and incorporate threat modeling into risk management processes.

Preferred qualifications, capabilities, and skills

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred.
• Familiar with threat modeling tools and methodologies, such as STRIDE, DREAD, or PASTA, is a plus.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.