Tech Risk & Controls Director - Information Technology Asset Management (itam)

JPMorgan Chase JPMorgan Chase · Banking · NY · Consumer & Community Banking

This role leads the strategic development and implementation of technology risk management and enterprise-grade technology asset governance within a large, regulated financial institution. It focuses on ensuring technology assets are inventoried, compliant, resilient, cost-optimized, and lifecycle-managed to support consumer banking outcomes, with a strong emphasis on controls, risk posture, and audit readiness. The role also involves leading the safe adoption of enterprise-authorized AI capabilities within risk and controls workflows.

What you'd actually do

  1. Own ITAM strategy and operating model for CCB Technology, ensuring a complete, accurate, and auditable inventory of in-scope assets and relationships (configuration, ownership, location, usage, entitlement), inclusive of Tech Ops, Tech Maintenance, and Tech Lifecycle Management
  2. Establish and drive adoption of enterprise standards for asset onboarding, normalization, tagging, reconciliation, and lifecycle state management across engineering and operations teams
  3. Lead software licensing and entitlement management including consumption analytics, compliance/audit readiness, and remediation of gaps through durable process and tooling improvements
  4. Design, implement, and execute an ITAM controls framework that is audit-ready, including control objectives, evidence standards, governance cadence, issue management, and remediation discipline
  5. Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks aligned to firm standards, regulatory requirements, and industry best practices

Skills

Required

  • Senior leadership experience in technology asset management and technology operations within large-scale, regulated environments
  • Deep knowledge of ITAM practices, software licensing/entitlement management, lifecycle governance, and operational service management disciplines
  • Proven experience building controls, operating cadences, and audit-ready evidence with strong issue remediation discipline
  • Demonstrated ability to deliver measurable outcomes across availability/stability, cost optimization (TCO), risk reduction, and operational efficiency
  • Demonstrated experience leading safe adoption of enterprise-authorized AI capabilities within the work environment within technology risk and controls workflows, including validation practices and awareness of data sensitivity
  • Ability to define review/approval and escalation expectations for AI-assisted recommendations while maintaining security, auditability, and regulatory compliance outcomes.
  • Strong executive communication skills; ability to lead and influence cross-functional initiatives across engineering, infrastructure, and enterprise control partners
  • 7+ years of experience (or equivalent expertise) in technology risk management, information security, or related fields, with a focus on risk identification, assessment, and mitigation
  • Establishes governance standards for AI-assisted workflows used in risk reporting and issue/action-plan management, ensuring traceability/auditability and alignment to security, resiliency, and regulatory expectations
  • Demonstrated expertise in risk management frameworks, industry standards, and regulatory requirements relevant to the financial industry

Nice to have

  • Proven ability to lead large teams, manage cross-functional projects, and translate technology insights into business-aligned strategy and decisions
  • Advanced knowledge in data security, risk assessment & reporting, and control evaluation/design/governance, with a track record of implementing effective risk mitigation strategies
  • Experience with enterprise-scale CMDB/asset ecosystems, discovery tooling, and software asset management (SAM) platforms
  • Experience integrating asset intelligence with incident/problem/change processes and operating models
  • Experience supporting technology modernization, platform standardization, and large-scale refresh/decommission programs

What the JD emphasized

  • regulated environments
  • enterprise-authorized AI adoption
  • human-in-the-loop validation
  • sensitive data
  • AI-assisted recommendations
  • regulatory compliance outcomes
  • risk management frameworks
  • industry standards
  • regulatory requirements relevant to the financial industry