Description

Join a controls team where your judgment and communication skills directly influence how we adopt and manage third parties safely. You'll work with partners across technology, procurement, legal, compliance, and operational risk to turn complex security and resilience findings into clear, business-ready decisions. If you enjoy connecting technical detail to real-world outcomes-and constructively challenging when needed-this role gives you a wide platform for impact.

As a Third Party Risk & Controls Insights Lead in CIB Controls, you own the insights agenda across the third-party lifecycle-onboarding, change, ongoing monitoring, and exit-so leaders have consistent, defensible, decision-grade risk conclusions. You synthesize and challenge third-party assessment outputs (with a focus on data, cybersecurity, and resilience), translate technical evidence into clear narratives and recommendations, and strengthen the quality and consistency of risk decision artifacts. You'll partner closely with business control managers and cross-functional stakeholders to improve risk visibility, align control expectations, and support responsible vendor adoption.

Job Responsibilities

• Aggregate and analyze third-party risk signals to deliver actionable insights focused on data protection, cybersecurity, and resilience.
• Govern standards for third-party risk decision artifacts (e.g., risk statements, residual risk framing, materiality thresholds, issue taxonomy, and escalation expectations).
• Review and challenge onboarding, assessment, and monitoring outputs to ensure completeness, consistency, and defensibility of conclusions and remediation expectations.
• Perform thematic analysis across the third-party portfolio to identify emerging risks, root-cause patterns, and concentration hot spots, and escalate material themes through governance forums.
• Advise on business cases for new or expanded third-party engagements, including reuse opportunities, risk trade-offs, and control uplift levers (standardization and contractual terms).
• Evaluate cloud and SaaS architectures to identify material control gaps (e.g., IAM, encryption/key management, logging/monitoring, segmentation, data residency, dependency chains, concentration risk).
• Define and maintain an insights framework including taxonomy mapping, KRI/KPI definitions, thresholds, trends, and executive dashboards.
• Produce executive-ready governance materials summarizing themes, exceptions, systemic issues, decision requests, and residual risk positions for senior stakeholders.
• Partner across controls, technology, procurement, legal, compliance, operational risk, and business teams to maintain a single, consistent narrative on third-party risk posture and priorities.

Required Qualifications, Capabilities, and Skills

• Expertise in control management in financial services, focused on compliance and operational risk mitigation.
• Third-party risk experience across the vendor lifecycle (onboarding, assessment, control validation, monitoring, issue management, and exit).
• Ability to synthesize assessment outputs into executive-ready insights (themes, emerging risks, residual risk framing, and recommendations).
• Cybersecurity and technology risk fluency, including ability to assess vendor security posture using common artifacts (e.g., SOC 2, ISO 27001, SIG/CAIQ).
• Working knowledge of cloud/SaaS control domains, such as IAM, encryption, logging/monitoring, vulnerability management, incident response, SDLC controls, and dependency/concentration risk.
• Ability to translate technical risk into clear business impacts, trade-offs, residual risk statements, and recommended mitigations for senior stakeholders.
• Strong data literacy, including defining and tracking KRIs/KPIs and performing structured analysis from models/diagrams to insights.

Preferred Qualifications, Capabilities, and Skills

• Experience building portfolio insights and governance routines, including taxonomy design, MI standards, thresholds, trend analytics, and issue classification.
• Experience using automation or advanced analytics (including AI/ML approaches) to improve monitoring and insights generation.
• Operational resilience expertise, including service mapping concepts, recovery expectations, dependency analysis, and vendor failure-mode impact narratives.
• Strong executive presence and influencing skills to align stakeholders, challenge decisions appropriately, and drive remediation prioritization.
• Business and market context awareness to align third-party risk decisions with client, regulatory, and operational expectations.
• Mentoring/coaching capability to build team discipline in risk thinking, documentation quality, and continuous improvement.

About Us

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

About the Team

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.