Compliance - Technology Operational Risk Management Director - Executive Director

Bring your expertise to JPMorgan Chase. As part of Risk Management and Compliance, you are at the center of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.

As an Identity and Access Management (IAM) Technology Operational Risk Management Executive Director within the Compliance Conduct and Operational Risk Technology & Cybersecurity (CCOR Tech & Cyber) group, you will focus on providing independent oversight of IAM-related operational risk management practices across Lines of Business (LOBs), Regions, and Corporate Functions (CFs). Your role will involve ensuring compliance with technology and cybersecurity laws, rules, and regulations specifically related to identity and access management. You will be responsible for reviewing and assessing the governance of IAM processes and controls, identifying risks inherent in JPMorgan Chase's technology environment, and ensuring that access to systems and data is appropriately managed and secured. This includes evaluating the effectiveness of IAM frameworks, policies, and procedures, and ensuring that they align with industry best practices and regulatory requirements.

• Conduct in-depth inspections of IAM technologies within processes or firm-wide for compliance and effectiveness.
• Stay informed on IAM enforcement actions, regulatory changes, and emerging solutions for compliance.
• Respond to regulatory inquiries on IAM, providing documentation and insights to demonstrate compliance.
• Engage with cybersecurity teams to align IAM practices with the control environment.
• Review significant events where IAM is a factor to derive lessons learned and improve processes.
• Assess IAM-related technology risks and coordinate with application risk assessments.
• Evaluate IAM security risks in third-party relationships, focusing on technology expertise.
• Develop risk positions for new technologies, escalating and tracking risk items as necessary.
• Identify global risk concentrations, assess risks, and recommend control adjustments.
• Analyze Operational Risk losses and events to inform RCSA results and technology assessments.
• Participate in IAM governance forums to provide insights and drive strategic risk management initiatives.

• BS or BA degree in computer science or possess equivalent experience.
• 10+ years in IAM cybersecurity or engineering roles.
• Deep understanding of IAM, PAM, and RBAC.
• Familiarity with MFA, SSO, and zero trust architecture
• Knowledge of cloud security and hybrid IAM implementations (Azure, AWS, GCP).
• Ability to assess and remediate IAM vulnerabilities and access control weaknesses.
• Hands-on experience with IAM tools like SailPoint, Okta, CyberArk, Microsoft Entra ID, and Ping Identity.
• Experience managing and securing Microsoft Active Director (AD) and Azure AD (Entra ID).

• Expertise in GPO, Kerberos authentication, NTLM, and LDAP.
• Implementation of least privilege access, PAM, and administrative tiering in AD.
• Experience with ADFS, conditional access policies, and identity federation.
• Understanding of AD-related security threats and familiarity with Microsoft Defender for Identity and Azure AD Identity Protection.