188 Technology Risk jobs in the United Kingdom

Our Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Clients & Markets, IT, Operations, Change Management, Innovation, Finance and Quality & Risk Management teams make it their mission to ensure Forvis Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business.

As an Enterprise Risk Management  (ERM) – Technology Risk Senior Manager, you will play a key role in overseeing the maintenance and continuous improvement of an appropriate and resilient technology and cyber risk management framework. You will provide independent and proactive oversight, challenge and advisory support to technology stakeholders to identify, assess, manage and monitor technology risks. As a Senior Manager within ERM, you will have the opportunity to help develop and embed effective firmwide enterprise risk processes, risk culture, and maturity across the firm across all Service Lines by delivering proactive, high quality and value-added service as part of a maturing central Risk Function at Forvis Mazars.

This internal facing role will principally involve working with the Enterprise Risk Director in helping to enhance and develop high-quality risk management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide, developing a sustainable and value adding service for the business to manage its risk profile.

You will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC). You will operate within the Second Line of Defence (2LoD) framework to deliver effective oversight and challenge to senior technology stakeholders across the organisation, ensuring that technology and cyber risk functions remain within the established risk appetite and that remediation strategies are adequate.

Key Responsibilities 

• Evaluate and document cyber security, technology and data governance control compliance according to Service Line, Firmwide, and Regulatory Policies and Standards.
• Lead the oversight and challenge of Information Security risk management, ensuring alignment with strategic objectives and regulatory expectations. For example ISO27001 and cyber Essentials +
• Developing risk measurement methodologies to model and continually enhance the technology and cyber risk profile
• Conduct oversight assessments of technology change and AI related projects to identify potential vulnerabilities, compliance issues, and ethical considerations.
• Stay up to date with relevant regulatory requirements, data protection laws, and industry standards, ensuring that all technology and AI change initiatives adhere to these requirements.
• Oversee the ethical implementation of AI, ensuring that concerns regarding bias, fairness, and transparency in AI algorithms and decision-making are appropriately addressed.
• Provide regular reports and updates to senior management and relevant stakeholders regarding technology risk management activities, including identified risks and mitigation strategies.
• Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment
• Validate that technology Key Risk Indicators are accurately captured and included in prioritisation activities
• Provide strategic risk management advice and guidance on technology and cyber risks, identifying emerging risks and required actions associated with advances in technology and digital capabilities
• Provide oversight, advice and guidance around the development of a robust data governance framework, ensuring high data quality and regulatory compliance.
• Support the Director of Enterprise Risk Management in promoting risk management practices and risk culture aligned with the firm's risk appetite and strategy.
• Provide people management responsibilities within the Enterprise Risk Management team.

Skills, Knowledge, and Experience

• Expertise in technology, data governance, information security, and AI risk management, including experience working within regulated industries.

• Professional/industry certification, or technology specific certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems (CRISC) or Certified Information Systems Auditor (CISA).
• Experience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent function

• Knowledge of legal and regulatory requirements related to technology, cybersecurity, data privacy, and AI.
• Strong understanding of AI technologies, machine learning, and data analytics.

• Self-motivated and with a desire to learn, ability to operate on multiple tasks whilst still achieving high delivery standards.
• Excellent written and verbal communication and presentation skills

Inclusion and Diversity

At Forvis Mazars inclusion and diversity are central to our values. We recognise that being an inclusive and diverse organisation makes us stronger as a business.

We seek to attract and recruit people who reflect the diverse nature of our clients and communities, regardless of sexual orientation, gender identity, ethnicity, nationality, faith or belief, social background, age, and disability. Mazars selects candidates based on skills, knowledge, qualifications, and experience.

Our Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Clients & Markets, IT, Operations, Change Management, Innovation, Finance and Quality & Risk Management teams make it their mission to ensure Forvis Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business. As an Enterprise Risk Management (ERM) – Technology Risk Senior Manager, you will play a key role in overseeing the maintenance and continuous improvement of an appropriate and resilient technology and cyber risk management framework. You will provide independent and proactive oversight, challenge and advisory support to technology stakeholders to identify, assess, manage and monitor technology risks. As a Senior Manager within ERM, you will have the opportunity to help develop and embed effective firmwide enterprise risk processes, risk culture, and maturity across the firm across all Service Lines by delivering proactive, high quality and value-added service as part of a maturing central Risk Function at Forvis Mazars. This internal facing role will principally involve working with the Enterprise Risk Director in helping to enhance and develop high-quality risk management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide, developing a sustainable and value adding service for the business to manage its risk profile. You will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC). You will operate within the Second Line of Defence (2LoD) framework to deliver effective oversight and challenge to senior technology stakeholders across the organisation, ensuring that technology and cyber risk functions remain within the established risk appetite and that remediation strategies are adequate. Key Responsibilities Evaluate and document cyber security, technology and data governance control compliance according to Service Line, Firmwide, and Regulatory Policies and Standards. Lead the oversight and challenge of Information Security risk management, ensuring alignment with strategic objectives and regulatory expectations. For example ISO27001 and cyber Essentials Developing risk measurement methodologies to model and continually enhance the technology and cyber risk profile Conduct oversight assessments of technology change and AI related projects to identify potential vulnerabilities, compliance issues, and ethical considerations. Stay up to date with relevant regulatory requirements, data protection laws, and industry standards, ensuring that all technology and AI change initiatives adhere to these requirements. Oversee the ethical implementation of AI, ensuring that concerns regarding bias, fairness, and transparency in AI algorithms and decision-making are appropriately addressed. Provide regular reports and updates to senior management and relevant stakeholders regarding technology risk management activities, including identified risks and mitigation strategies. Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment Validate that technology Key Risk Indicators are accurately captured and included in prioritisation activities Provide strategic risk management advice and guidance on technology and cyber risks, identifying emerging risks and required actions associated with advances in technology and digital capabilities Provide oversight, advice and guidance around the development of a robust data governance framework, ensuring high data quality and regulatory compliance. Support the Director of Enterprise Risk Management in promoting risk management practices and risk culture aligned with the firm's risk appetite and strategy. Provide people management responsibilities within the Enterprise Risk Management team. Skills, Knowledge, and Experience Expertise in technology, data governance, information security, and AI risk management, including experience working within regulated industries. Professional/industry certification, or technology specific certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems (CRISC) or Certified Information Systems Auditor (CISA). Experience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent function Knowledge of legal and regulatory requirements related to technology, cybersecurity, data privacy, and AI. Strong understanding of AI technologies, machine learning, and data analytics. Self-motivated and with a desire to learn, ability to operate on multiple tasks whilst still achieving high delivery standards. Excellent written and verbal communication and presentation skills Inclusion and Diversity At Forvis Mazars inclusion and diversity are central to our values. We recognise that being an inclusive and diverse organisation makes us stronger as a business. We seek to attract and recruit people who reflect the diverse nature of our clients and communities, regardless of sexual orientation, gender identity, ethnicity, nationality, faith or belief, social background, age, and disability. Mazars selects candidates based on skills, knowledge, qualifications, and experience.

**Description**
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.
Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.
Associate, Technology Risk & Control facilitates the identification, assessment, and mitigation of technology risks by conducting thorough risk evaluations, developing risk management strategies, and ensuring compliance with industry standards and regulatory requirements. Ensures that technology teams are meeting the requirements set forth in the Technology Resilience policies and standards. Assists in reporting to various stakeholders throughout the company.
**How will you make an impact in this role?**
Key Responsibilities:
+ Conducts assessments to identify potential risk within the organization's technology environments, ensuring that technology resilience areas are evaluated for weaknesses
+ Ensures Technology teams are adhering to the organization's Resilience related policies and standards. Communicates and reports on successes and gaps
+ Prepares reports and documentation to support risk management activities and compliance efforts, for internal stakeholders and leaders
+ Conducts risk assessments to determine the residual risk within the organization's technology environments, ensuring all areas are evaluated for non-compliance
+ Supports the identification and evaluation of controls and adherence to controls
+ Collaborates and co-creates effectively with teams in product and the business to align technology initiatives with business objectives
**Minimum Qualifications:**
+ Bachelor's Degree in Computer Science, Information Systems, Cybersecurity, and/or comparable experience
+ Knowledge of regulatory compliance and security standards (e.g., ISO, NIST, FFIEC Handbooks, GDPR)
+ Foundational knowledge of global technology standards and applicable regulations
+ Foundational knowledge of technology control domains such as Disaster Recovery, Business Continuity Management, Security Governance & Operations, IT General Controls, Security Testing, and Cloud Security
+ Skilled in enterprise risk management with an emphasis on operational risk management and technology risk
+ Experience working in teams to successfully complete projects in Computer Science, Information Systems, and/or Cybersecurity
+ Experience working with teams in Technology Resilience / Disaster Recovery
+ DORA (Digital Operational Resilience Act)
+ ORMCM
**Key requirements**
+ Operational Resilience
+ Disaster Recovery
+ Understanding of regulatory environment
**Technology Risk Experience**
+ Controls
+ Regulations
+ Disaster Recovery
**Under regulations, must have:**
+ Disaster Recovery experience
+ Incident Problem & Change Management
**Qualifications**
We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
+ Competitive base salaries
+ Bonus incentives
+ Support for financial-well-being and retirement
+ Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
+ Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
+ Generous paid parental leave policies (depending on your location)
+ Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
+ Free and confidential counseling support through our Healthy Minds program
+ Career development and training opportunities
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.
**Job:** Technologies
**Primary Location:** United Kingdom-London-London
**Schedule** Full-time
**Req ID:**

Overview

Technology Risk Senior Manager (5098)nOur Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Clients & Markets, IT, Operations, Change Management, Innovation, Finance and Quality & Risk Management teams make it their mission to ensure Forvis Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business.nAs an Enterprise Risk Management (ERM) – Technology Risk Senior Manager, you will play a key role in overseeing the maintenance and continuous improvement of an appropriate and resilient technology and cyber risk management framework. You will provide independent and proactive oversight, challenge and advisory support to technology stakeholders to identify, assess, manage and monitor technology risks. As a Senior Manager within ERM, you will have the opportunity to help develop and embed effective firmwide enterprise risk processes, risk culture, and maturity across the firm across all Service Lines by delivering proactive, high quality and value-added service as part of a maturing central Risk Function at Forvis Mazars.nThis internal facing role will principally involve working with the Enterprise Risk Director in helping to enhance and develop high-quality risk management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide, developing a sustainable and value adding service for the business to manage its risk profile.nYou will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC). You will operate within the Second Line of Defence (2LoD) framework to deliver effective oversight and challenge to senior technology stakeholders across the organisation, ensuring that technology and cyber risk functions remain within the established risk appetite and that remediation strategies are adequate.nKey ResponsibilitiesnEvaluate and document cyber security, technology and data governance control compliance according to Service Line, Firmwide, and Regulatory Policies and Standards.nLead the oversight and challenge of Information Security risk management, ensuring alignment with strategic objectives and regulatory expectations. For example ISO27001 and cyber Essentials +nDeveloping risk measurement methodologies to model and continually enhance the technology and cyber risk profilenConduct oversight assessments of technology change and AI related projects to identify potential vulnerabilities, compliance issues, and ethical considerations.nStay up to date with relevant regulatory requirements, data protection laws, and industry standards, ensuring that all technology and AI change initiatives adhere to these requirements.nOversee the ethical implementation of AI, ensuring that concerns regarding bias, fairness, and transparency in AI algorithms and decision-making are appropriately addressed.nProvide regular reports and updates to senior management and relevant stakeholders regarding technology risk management activities, including identified risks and mitigation strategies.nMaintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environmentnValidate that technology Key Risk Indicators are accurately captured and included in prioritisation activitiesnProvide strategic risk management advice and guidance on technology and cyber risks, identifying emerging risks and required actions associated with advances in technology and digital capabilitiesnProvide oversight, advice and guidance around the development of a robust data governance framework, ensuring high data quality and regulatory compliance.nSupport the Director of Enterprise Risk Management in promoting risk management practices and risk culture aligned with the firm's risk appetite and strategy.nProvide people management responsibilities within the Enterprise Risk Management team.nSkills, Knowledge, and ExperiencenExpertise in technology, data governance, information security, and AI risk management, including experience working within regulated industries.nProfessional/industry certification, or technology specific certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems (CRISC) or Certified Information Systems Auditor (CISA).nExperience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent functionnKnowledge of legal and regulatory requirements related to technology, cybersecurity, data privacy, and AI.nStrong understanding of AI technologies, machine learning, and data analytics.nSelf-motivated and with a desire to learn, ability to operate on multiple tasks whilst still achieving high delivery standards.nExcellent written and verbal communication and presentation skillsnInclusion and DiversitynAt Forvis Mazars inclusion and diversity are central to our values. We recognise that being an inclusive and diverse organisation makes us stronger as a business.nWe seek to attract and recruit people who reflect the diverse nature of our clients and communities, regardless of sexual orientation, gender identity, ethnicity, nationality, faith or belief, social background, age, and disability. Mazars selects candidates based on skills, knowledge, qualifications, and experience.

#J-18808-Ljbffrn

Overview

Our Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Clients & Markets, IT, Operations, Change Management, Innovation, Finance and Quality & Risk Management teams make it their mission to ensure Forvis Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business.nAs an Enterprise Risk Management (ERM) – Technology Risk Senior Manager, you will play a key role in overseeing the maintenance and continuous improvement of an appropriate and resilient technology and cyber risk management framework. You will provide independent and proactive oversight, challenge and advisory support to technology stakeholders to identify, assess, manage and monitor technology risks. As a Senior Manager within ERM, you will have the opportunity to help develop and embed effective firmwide enterprise risk processes, risk culture, and maturity across the firm across all Service Lines by delivering proactive, high quality and value-added service as part of a maturing central Risk Function at Forvis Mazars.nThis internal facing role will principally involve working with the Enterprise Risk Director in helping to enhance and develop high-quality risk management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide, developing a sustainable and value adding service for the business to manage its risk profile.nYou will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC).You will operate within the Second Line of Defence (2LoD) framework to deliver effective oversight and challenge to senior technology stakeholders across the organisation, ensuring that technology and cyber risk functions remain within the established risk appetite and that remediation strategies are adequate.nKey Responsibilities

Evaluate and document cyber security, technology and data governance control compliance according to Service Line, Firmwide, and Regulatory Policies and Standards.nLead the oversight and challenge of Information Security risk management, ensuring alignment with strategic objectives and regulatory expectations. For example ISO27001 and cyber Essentials +nDeveloping risk measurement methodologies to model and continually enhance the technology and cyber risk profilenConduct oversight assessments of technology change and AI related projects to identify potential vulnerabilities, compliance issues, and ethical considerations.nStay up to date with relevant regulatory requirements, data protection laws, and industry standards, ensuring that all technology and AI change initiatives adhere to these requirements.nOversee the ethical implementation of AI, ensuring that concerns regarding bias, fairness, and transparency in AI algorithms and decision-making are appropriately addressed.nProvide regular reports and updates to senior management and relevant stakeholders regarding technology risk management activities, including identified risks and mitigation strategies.nMaintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environmentnValidate that technology Key Risk Indicators are accurately captured and included in prioritisation activitiesnProvide strategic risk management advice and guidance on technology and cyber risks, identifying emerging risks and required actions associated with advances in technology and digital capabilitiesnProvide oversight, advice and guidance around the development of a robust data governance framework, ensuring high data quality and regulatory compliance.nSupport the Director of Enterprise Risk Management in promoting risk management practices and risk culture aligned with the firm's risk appetite and strategy.nProvide people management responsibilities within the Enterprise Risk Management team.nSkills, Knowledge, and Experience

Expertise in technology, data governance, information security, and AI risk management, including experience working within regulated industries.nProfessional/industry certification, or technology specific certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems (CRISC) or Certified Information Systems Auditor (CISA).nExperience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent functionnKnowledge of legal and regulatory requirements related to technology, cybersecurity, data privacy, and AI.nStrong understanding of AI technologies, machine learning, and data analytics.nSelf-motivated and with a desire to learn, ability to operate on multiple tasks whilst still achieving high delivery standards.nExcellent written and verbal communication and presentation skillsnInclusion

At Forvis Mazars inclusion and are central to our values. We recognise that being an inclusive and diverse organisation makes us stronger as a business.nWe seek to attract and recruit people who reflect the diverse nature of our clients and communities, regardless of , , , , faith or belief, social background, , and disability. Mazars selects candidates based on skills, knowledge, qualifications, and experience.

#J-18808-Ljbffrn

Overview

Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance. As a Tech Risk & Controls Director - Metrics in Cybersecurity & Technology Controls you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. You will identify, oversee, and mitigate compliance and operational risks in line with the firm's standards, collaborating with Product Owners, Business Control Managers, and regulators to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your ability to make calculated decisions, influence large teams, and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices, contributing to the long-term success and resilience of the organization in an evolving technology landscape.

Responsibilities

Leads, develops and directs a team of metrics professionals to deliver on team and organizational objectives.

Defines, builds, leads and governs the metrics framework, ensuring alignment with industry best practice and firm objectives, with clear definitions and requirements for Executive Metrics and metrics for the operational management of Cybersecurity, Technology and Operational Risks.

Builds partnerships across BISO teams, Application Owners, Control Owners, CTC leaders and LoB Control Managers to define appropriate Cybersecurity, Technology and Operational Risk metrics.

Builds partnerships with technology teams responsible for implementing metric framework telemetry and related logic to ensure delivery and maintenance in line with framework objectives.

Drives efforts to modernize metrics using emerging technologies, data analysis and advanced risk measurement techniques.

Oversees and governs the design, testing and implementation of risk metrics to align with business needs.

Designs, builds, leads and executes risk metrics governance.

Communicates program status, execution risks/issues, and key decisions to senior stakeholders, maintaining transparency and informed decision-making.

Identifies, manages, and mitigates delivery risks, addressing potential roadblocks with contingency plans to maintain momentum.

Promotes a culture of high performance, operational excellence, and innovation within the team, driving continuous improvement in risk management metrics practices.

Required qualifications, capabilities, and skills

Expert experience or equivalent expertise in cybersecurity and technology risk concepts.

Experience designing, testing, implementing and managing risk KRI, KPI and KCI aligned to risk measurement industry best practices.

Experience in data analysis to drive design, implementation and maintenance of risk metric data flows.

Experience partnering with technical product teams to deliver strategic technology capabilities.

Experience leading technologists to manage, anticipate, and solve complex technical items within your domain.

Experience planning and executing risk metric best practices to drive relevant risk insights and firm-level reporting consistency.

Proficiency in technical information security and/or IT general controls domains, including policies and standards, risk and control assessments, and regulatory compliance.

Ability to escalate and address decisions or constraints affecting program delivery in a timely manner.

Strong verbal and written communication skills.

Proven ability to apply critical thinking and structured problem-solving to address issues and drive continuous improvement in risk measurement practices.

About UsnJPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

About the TeamnOur professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.

#J-18808-Ljbffrn

Our Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Clients & Markets, IT, Operations, Change Management, Innovation, Finance and Quality & Risk Management teams make it their mission to ensure Forvis Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business.

As an Enterprise Risk Management (ERM) - Technology Risk Senior Manager, you will play a key role in overseeing the maintenance and continuous improvement of an appropriate and resilient technology and cyber risk management framework. You will provide independent and proactive oversight, challenge and advisory support to technology stakeholders to identify, assess, manage and monitor technology risks. As a Senior Manager within ERM, you will have the opportunity to help develop and embed effective firmwide enterprise risk processes, risk culture, and maturity across the firm across all Service Lines by delivering proactive, high quality and value-added service as part of a maturing central Risk Function at Forvis Mazars.

This internal facing role will principally involve working with the Enterprise Risk Director in helping to enhance and develop high-quality risk management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide, developing a sustainable and value adding service for the business to manage its risk profile.

You will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC). You will operate within the Second Line of Defence (2LoD) framework to deliver effective oversight and challenge to senior technology stakeholders across the organisation, ensuring that technology and cyber risk functions remain within the established risk appetite and that remediation strategies are adequate.

Key Responsibilities

Evaluate and document cyber security, technology and data governance control compliance according to Service Line, Firmwide, and Regulatory Policies and Standards.

Lead the oversight and challenge of Information Security risk management, ensuring alignment with strategic objectives and regulatory expectations. For example ISO27001 and cyber Essentials +

Developing risk measurement methodologies to model and continually enhance the technology and cyber risk profile

Conduct oversight assessments of technology change and AI related projects to identify potential vulnerabilities, compliance issues, and ethical considerations.

Stay up to date with relevant regulatory requirements, data protection laws, and industry standards, ensuring that all technology and AI change initiatives adhere to these requirements.

Oversee the ethical implementation of AI, ensuring that concerns regarding bias, fairness, and transparency in AI algorithms and decision-making are appropriately addressed.

Provide regular reports and updates to senior management and relevant stakeholders regarding technology risk management activities, including identified risks and mitigation strategies.

Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment

Validate that technology Key Risk Indicators are accurately captured and included in prioritisation activities

Provide strategic risk management advice and guidance on technology and cyber risks, identifying emerging risks and required actions associated with advances in technology and digital capabilities

Provide oversight, advice and guidance around the development of a robust data governance framework, ensuring high data quality and regulatory compliance.

Support the Director of Enterprise Risk Management in promoting risk management practices and risk culture aligned with the firm's risk appetite and strategy.

Provide people management responsibilities within the Enterprise Risk Management team.

Skills, Knowledge, and Experience

Expertise in technology, data governance, information security, and AI risk management, including experience working within regulated industries.

Professional/industry certification, or technology specific certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems (CRISC) or Certified Information Systems Auditor (CISA).

Experience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent function

Knowledge of legal and regulatory requirements related to technology, cybersecurity, data privacy, and AI.

Strong understanding of AI technologies, machine learning, and data analytics.

Self-motivated and with a desire to learn, ability to operate on multiple tasks whilst still achieving high delivery standards.

Excellent written and verbal communication and presentation skills

Inclusion and DiversitynAt Forvis Mazars inclusion and diversity are central to our values. We recognise that being an inclusive and diverse organisation makes us stronger as a business.

We seek to attract and recruit people who reflect the diverse nature of our clients and communities, regardless of sexual orientation, gender identity, ethnicity, nationality, faith or belief, social background, age, and disability. Mazars selects candidates based on skills, knowledge, qualifications, and experience.

#J-18808-Ljbffrn

Overview

Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance. As a Tech Risk & Controls Director - Metrics in Cybersecurity & Technology Controls you will help shape and implement the firm's technology risk management strategy. Leveraging your advanced knowledge and expertise in technology-risk disciplines, you will identify, oversee, and mitigate compliance and operational risks in line with the firm's standards. You will collaborate with stakeholders, including Product Owners, Business Control Managers, and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your ability to make calculated decisions, influence large teams, and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices, contributing to the organization’s long-term success and resilience in a evolving technology landscape.

Job Responsibilities

Leads, develops and directs a team of metrics professionals to deliver on team and organizational objectives.

Defines, builds, leads and governs the metrics framework, ensuring alignment with industry best practice and firm objectives, whilst providing clear definitions and requirements for Executive Metrics and metrics required for the operational management of Cybersecurity, Technology and Operational Risks.

Builds partnerships across Business Information Security Officer (BISO) teams, Application Owners, Control Owners, Cybersecurity & Technology Controls (CTC) leaders and Line of Business Control Managers (LoB BCM) to define appropriate Cybersecurity, Technology and Operational Risk metrics.

Builds partnerships with technology teams responsible for implementing metric framework telemetry and associated logic, to ensure delivery and maintenance in accordance with metrics framework objectives.

Drives efforts to modernize metrics by leveraging emerging technologies, data analysis and cutting-edge risk measurement and statistical techniques.

Oversees and governs the design, testing and implementation of risk metrics to ensure alignment with business needs.

Designs, builds, leads and executes risk metrics governance.

Communicates program status, execution risks/issues, and key decisions to senior stakeholders, maintaining transparency and fostering informed decision-making.

Identifies, manages, and mitigates delivery risks, proactively addressing potential roadblocks and implementing contingency plans to maintain program momentum.

Promotes a culture of high performance, operational excellence, and innovation within the team, driving continuous improvement in risk management metrics practices.

Required qualifications, capabilities, and skills

Expert experience or equivalent expertise in cybersecurity and technology risk concepts.

Demonstrable experience of designing, testing, implementing and managing risk Key Risk Indicators (KRI), Key Performance Indicators (KPI) and Key Control Indicators (KCI) aligned to risk measurement industry best practices.

Demonstrable experience of data analysis to drive the design, implementation and maintenance of risk metric data flows.

Demonstrable experience of working in partnership with technical product teams to realize delivery of strategic technology capabilities.

Experience leading technologists to manage, anticipate, and solve complex technical items within your domain of expertise.

Experience planning and executing risk metric best practice to drive highly relevant risk insights and Firm level reporting consistency.

Proficiency in technical information security and/or IT general controls domains, including policies and standards, risk and control assessments, and regulatory compliance.

Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.

Demonstrable strong verbal and written communication skills.

Proven ability to apply critical thinking and structured problem-solving techniques to address issues and drive continuous improvement in risk measurement practices.

About UsnJPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

About the TeamnOur professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.

#J-18808-Ljbffrn

Overview

Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance.nAs a Tech Risk & Controls Director – Metrics in Cybersecurity & Technology Controls you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. Leveraging your advanced knowledge and expertise in technology-risk disciplines, you will identify, oversee, and mitigate compliance and operational risks in line with the firm's standards. You will collaborate with various stakeholders, including Product Owners, Business Control Managers, and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your ability to make calculated decisions, influence large teams, and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.nJob Responsibilities

Leads, develops and directs a team of metrics professionals to deliver on team and organizational objectives.nDefines, builds, leads and governs the metrics framework, ensuring alignment with industry best practice and firm objectives, whilst providing clear definitions and requirements for Executive Metrics and metrics required for the operational management of Cybersecurity, Technology and Operational Risks.nBuilds partnerships across Business Information Security Officer (BISO) teams, Application Owners, Control Owners, Cybersecurity & Technology Controls (CTC) leaders and Line of Business Control Managers (LoB BCM) to define appropriate Cybersecurity, Technology and Operational Risk metrics.nBuilds partnerships with technology teams responsible for implementing metric framework telemetry and associated logic, to ensure delivery and maintenance in accordance with metrics framework objectives.nDrives efforts to modernize metrics by leveraging emerging technologies, data analysis and cutting-edge risk measurement and statistical techniques.nOversees and governs the design, testing and implementation of risk metrics to ensure alignment with business needs.nDesigns, builds, leads and executes risk metrics governance.nCommunicates program status, execution risks/issues, and key decisions to senior stakeholders, maintaining transparency and fostering informed decision-making.nIdentifies, manages, and mitigates delivery risks, proactively addressing potential roadblocks and implementing contingency plans to maintain program momentum.nPromotes a culture of high performance, operational excellence, and innovation within the team, driving continuous improvement in risk management metrics practices.nRequired qualifications, capabilities, and skills

Expert experience or equivalent expertise in cybersecurity and technology risk concepts.nDemonstrable experience of designing, testing, implementing and managing risk Key Risk Indicators (KRI), Key Performance Indicators (KPI) and Key Control Indicators (KCI) aligned to risk measurement industry best practices.nDemonstrable experience of data analysis to drive the design, implementation and maintenance of risk metric data flows.nDemonstrable experience of working in partnership with technical product teams to realize delivery of strategic technology capabilities.nExperience leading technologists to manage, anticipate, and solve complex technical items within your domain of expertise.nExperience planning and executing risk metric best practice to drive highly relevant risk insights and Firm level reporting consistency.nProficiency in technical information security and/or IT general controls domains, including policies and standards, risk and control assessments, and regulatory compliance.nAbility to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.nDemonstrable strong verbal and written communication skills.nProven ability to apply critical thinking and structured problem-solving techniques to address issues and drive continuous improvement in risk measurement practices.

#J-18808-Ljbffrn