Outsourcing Operational Risk Management Lead - Vice President

JPMorgan Chase · Banking · Singapore · Corporate Sector

This role is responsible for overseeing operational risks related to third-party/outsourcing within a financial institution. A key aspect involves contributing to the development and implementation of AI-enhanced risk monitoring capabilities, specifically leveraging LLM-based functionalities to improve risk assessment and oversight. The role requires experience in financial services risk management, control assessments, and stakeholder influence, with a specific requirement for experience using AI models to drive value in risk management.

What you'd actually do

Own regional 2LOD oversight for Third Party / Outsourcing Risk: Set the regional agenda and provide credible challenge to LOB/CF and Location leads to ensure complete coverage, consistent execution, and timely escalation of material third party risks.
Lead independent control assessments and risk opinions: Drive objective evaluations of third party control environments and mitigation plans (design/operating effectiveness where applicable), synthesize conclusions, and deliver clear risk positions and recommended actions.
Coordinate jurisdictional regulatory alignment with Compliance: Translate evolving regional regulatory expectations into practical oversight requirements; partner with Compliance to ensure adherence across CTPO/Global Security and LOB/CF teams and to support regulatory/audit readiness.
Deliver thematic risk insights and executive reporting: Run thematic analyses using KRIs/KPIs, control performance data, and issues/incidents to identify trends and emerging risks; communicate regional risk posture, hotspots, and decisions required to senior stakeholders.
Contribute to the development of AI-enhanced risk monitoring capabilities, partnering with technology teams to drive LLM-based capabilities

Skills

Required

Minimum 8 years in financial services or multinational corporations (MNCs) in roles related to risk management, resiliency, outsourcing program management, or controls-focused areas.
AI/ML enablement for risk: Experience using AI models and driving value from them required
Demonstrated experience assessing third party risk and controls, performing due diligence/control reviews, and providing effective challenge and risk recommendations.
Proven 2LOD third party / outsourcing risk leadership: Experience forming risk views, challenging 1LOD, and driving closure on control gaps and material risk issues across multiple stakeholders.
Strong governance execution: Ability to establish decision forums, drive alignment, document outcomes, and ensure follow through across lines of defense and regions.
Regulatory and audit-ready mindset: Demonstrated partnership with Compliance and capability to operationalize jurisdictional requirements into sustainable oversight practices and evidence.
Thematic analytics & risk storytelling: Ability to turn metrics and control/issue data into prioritized insights and crisp executive narratives (what changed, why, so what, now what).
Technology risk depth for third party oversight: Strong command of cyber, data protection, and resiliency/BCP, with practical ability to assess third party architecture resilience (cloud shared responsibility; HA/DR patterns).
Executive-level communication and stakeholder influence: Confident, concise communicator with the ability to negotiate and drive decisions with senior stakeholders.
Demonstrated ability to work effectively in cross-functional teams and drive initiatives to completion in a complex, matrixed organization.

Nice to have

Domain Expertise: Specific expertise in third party risk management, sourcing & procurement, operational risk, and control management is highly desirable.
Hands-on dashboards / automation: Building automated reporting and monitoring solutions (vs. only consuming analytics).
Deep cloud engineering expertise: Advanced architecture specialization beyond assessment needs.
Day-one familiarity with specific regional regulators/regulatory guidelines (e.g., MAS/HKMA/OJK/BNM)
Data-Driven Risk Analysis: Ability to analyze risk concentration areas and risk profiles by integrating and interpreting data from both internal and external sources, enabling comprehensive assessment of residual risk posture.
Complex Data Management: Experience working with large, complex da

What the JD emphasized

AI/ML enablement for risk: Experience using AI models and driving value from them required

Other signals

AI/ML enablement for risk
Experience using AI models and driving value from them required
Contribute to the development of AI-enhanced risk monitoring capabilities
partnering with technology teams to drive LLM-based capabilities

Read full job description

Bring your expertise to JPMorgan Chase. As part of Risk Management and Compliance, you are at the centre of keeping JPMorgan Chase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.

As an Operational Risk Management Lead in the Compliance, Conduct and Operational Risk - Outsourcing & Resiliency team, you will help us identify, assess, and oversee operational risks across the region. You will challenge and support our partners as they deliver the risk and controls framework, spotting gaps in control design and execution and driving improvements. You will lead deep-dive reviews on priority topics, partner with leaders across technology and business teams, and help shape risk strategy and governance. Together, we will strengthen controls, meet regulatory expectations, and build a resilient operating environment.

**Job responsibilities **

Own regional 2LOD oversight for Third Party / Outsourcing Risk: Set the regional agenda and provide credible challenge to LOB/CF and Location leads to ensure complete coverage, consistent execution, and timely escalation of material third party risks.
Lead independent control assessments and risk opinions: Drive objective evaluations of third party control environments and mitigation plans (design/operating effectiveness where applicable), synthesize conclusions, and deliver clear risk positions and recommended actions.
Drive 1LOD/2LOD alignment and governance outcomes: Chair or steer alignment forums as needed to ensure consistent risk outcomes, impact assessments, and issue positions across stakeholders for outsourcing and third party risk.
Coordinate jurisdictional regulatory alignment with Compliance: Translate evolving regional regulatory expectations into practical oversight requirements; partner with Compliance to ensure adherence across CTPO/Global Security and LOB/CF teams and to support regulatory/audit readiness.
Deliver thematic risk insights and executive reporting: Run thematic analyses using KRIs/KPIs, control performance data, and issues/incidents to identify trends and emerging risks; communicate regional risk posture, hotspots, and decisions required to senior stakeholders.
Advance the TPRM program operating model: Identify, prioritize, and execute program enhancements that improve transparency, consistency, and efficiency (e.g., standards, playbooks, measurement, and reporting), with demonstrable impact to risk outcomes.
Build senior stakeholder partnerships and influence decisions: Partner effectively across Technology, Risk, Legal, Controls, and Compliance; influence outcomes through strong communication, relationship management, and negotiation—especially where priorities conflict.
Contribute to the development of AI-enhanced risk monitoring capabilities, partnering with technology teams to drive LLM-based capabilities

Required qualifications, capabilities and skills

Bachelor’s Degree in Information Security, Computer Science or other related disciplines
Minimum 8 years in financial services or multinational corporations (MNCs) in roles related to risk management, resiliency, outsourcing program management, or controls-focused areas.
Self-starter with the ability to work independently, frame complex problems clearly, and identify creative solutions.
AI/ML enablement for risk: Experience using AI models and driving value from them required
Demonstrated experience assessing third party risk and controls, performing due diligence/control reviews, and providing effective challenge and risk recommendations.
Proven 2LOD third party / outsourcing risk leadership: Experience forming risk views, challenging 1LOD, and driving closure on control gaps and material risk issues across multiple stakeholders.
Strong governance execution: Ability to establish decision forums, drive alignment, document outcomes, and ensure follow through across lines of defense and regions.
Regulatory and audit-ready mindset: Demonstrated partnership with Compliance and capability to operationalize jurisdictional requirements into sustainable oversight practices and evidence.
Thematic analytics & risk storytelling: Ability to turn metrics and control/issue data into prioritized insights and crisp executive narratives (what changed, why, so what, now what). • Technology risk depth for third party oversight: Strong command of cyber, data protection, and resiliency/BCP, with practical ability to assess third party architecture resilience (cloud shared responsibility; HA/DR patterns).
Executive-level communication and stakeholder influence: Confident, concise communicator with the ability to negotiate and drive decisions with senior stakeholders.
Demonstrated ability to work effectively in cross-functional teams and drive initiatives to completion in a complex, matrixed organization.

Preferred qualifications, capabilities and skills

Domain Expertise: Specific expertise in third party risk management, sourcing & procurement, operational risk, and control management is highly desirable.
Hands-on dashboards / automation: Building automated reporting and monitoring solutions (vs. only consuming analytics).
Deep cloud engineering expertise: Advanced architecture specialization beyond assessment needs.
Day-one familiarity with specific regional regulators/regulatory guidelines (e.g., MAS/HKMA/OJK/BNM)
Data-Driven Risk Analysis: Ability to analyze risk concentration areas and risk profiles by integrating and interpreting data from both internal and external sources, enabling comprehensive assessment of residual risk posture.
Complex Data Management: Experience working with large, complex datasets and generating actionable reports to support risk management and decision-making.
Analytical & Problem-Solving Skills: Strong written, verbal, and analytical skills, with a demonstrated ability to solve complex problems and synthesize insights for stakeholders.
Influence & Communication: Proven ability to communicate effectively and influence management at all organizational levels, including external regulatory bodies.
Strong knowledge of technology and outsourcing risk management frameworks, regulatory requirements, and industry standards (e.g., Basel, NIST, ISO 22301), including APAC-specific regulations.
Professional certifications such as CISM, CRISC, CISSP, CBCP, or equivalent.

**Job responsibilities **

Own regional 2LOD oversight for Third Party / Outsourcing Risk: Set the regional agenda and provide credible challenge to LOB/CF and Location leads to ensure complete coverage, consistent execution, and timely escalation of material third party risks.
Lead independent control assessments and risk opinions: Drive objective evaluations of third party control environments and mitigation plans (design/operating effectiveness where applicable), synthesize conclusions, and deliver clear risk positions and recommended actions.
Drive 1LOD/2LOD alignment and governance outcomes: Chair or steer alignment forums as needed to ensure consistent risk outcomes, impact assessments, and issue positions across stakeholders for outsourcing and third party risk.
Coordinate jurisdictional regulatory alignment with Compliance: Translate evolving regional regulatory expectations into practical oversight requirements; partner with Compliance to ensure adherence across CTPO/Global Security and LOB/CF teams and to support regulatory/audit readiness.
Deliver thematic risk insights and executive reporting: Run thematic analyses using KRIs/KPIs, control performance data, and issues/incidents to identify trends and emerging risks; communicate regional risk posture, hotspots, and decisions required to senior stakeholders.
Advance the TPRM program operating model: Identify, prioritize, and execute program enhancements that improve transparency, consistency, and efficiency (e.g., standards, playbooks, measurement, and reporting), with demonstrable impact to risk outcomes.
Build senior stakeholder partnerships and influence decisions: Partner effectively across Technology, Risk, Legal, Controls, and Compliance; influence outcomes through strong communication, relationship management, and negotiation—especially where priorities conflict.
Contribute to the development of AI-enhanced risk monitoring capabilities, partnering with technology teams to drive LLM-based capabilities

Required qualifications, capabilities and skills

Bachelor’s Degree in Information Security, Computer Science or other related disciplines
Minimum 8 years in financial services or multinational corporations (MNCs) in roles related to risk management, resiliency, outsourcing program management, or controls-focused areas.
Self-starter with the ability to work independently, frame complex problems clearly, and identify creative solutions.
AI/ML enablement for risk: Experience using AI models and driving value from them required
Demonstrated experience assessing third party risk and controls, performing due diligence/control reviews, and providing effective challenge and risk recommendations.
Proven 2LOD third party / outsourcing risk leadership: Experience forming risk views, challenging 1LOD, and driving closure on control gaps and material risk issues across multiple stakeholders.
Strong governance execution: Ability to establish decision forums, drive alignment, document outcomes, and ensure follow through across lines of defense and regions.
Regulatory and audit-ready mindset: Demonstrated partnership with Compliance and capability to operationalize jurisdictional requirements into sustainable oversight practices and evidence.
Thematic analytics & risk storytelling: Ability to turn metrics and control/issue data into prioritized insights and crisp executive narratives (what changed, why, so what, now what). • Technology risk depth for third party oversight: Strong command of cyber, data protection, and resiliency/BCP, with practical ability to assess third party architecture resilience (cloud shared responsibility; HA/DR patterns).
Executive-level communication and stakeholder influence: Confident, concise communicator with the ability to negotiate and drive decisions with senior stakeholders.
Demonstrated ability to work effectively in cross-functional teams and drive initiatives to completion in a complex, matrixed organization.

Preferred qualifications, capabilities and skills

Domain Expertise: Specific expertise in third party risk management, sourcing & procurement, operational risk, and control management is highly desirable.
Hands-on dashboards / automation: Building automated reporting and monitoring solutions (vs. only consuming analytics).
Deep cloud engineering expertise: Advanced architecture specialization beyond assessment needs.
Day-one familiarity with specific regional regulators/regulatory guidelines (e.g., MAS/HKMA/OJK/BNM)
Data-Driven Risk Analysis: Ability to analyze risk concentration areas and risk profiles by integrating and interpreting data from both internal and external sources, enabling comprehensive assessment of residual risk posture.
Complex Data Management: Experience working with large, complex datasets and generating actionable reports to support risk management and decision-making.
Analytical & Problem-Solving Skills: Strong written, verbal, and analytical skills, with a demonstrated ability to solve complex problems and synthesize insights for stakeholders.
Influence & Communication: Proven ability to communicate effectively and influence management at all organizational levels, including external regulatory bodies.
Strong knowledge of technology and outsourcing risk management frameworks, regulatory requirements, and industry standards (e.g., Basel, NIST, ISO 22301), including APAC-specific regulations.
Professional certifications such as CISM, CRISC, CISSP, CBCP, or equivalent.