Jobs · themuse

J

Tech Risk and Controls Lead

Meridian Softworks · Columbus, OH · Posted 20d ago

onsitesenior🇺🇸 United States
Apply on themuse

About the role

Join a role that's central to our technological controls and standards, offering a unique opportunity to shape the firm's tech controls strategy in alignment with various standards and regulatory requirements. As a Tech Risk & Controls Lead at Meridian Softworks within the Cybersecurity Technology and Controls, you will be responsible for the firm's control design, governance, standardization, and measurement across all the Cyber domains. Your primary focus will be leading and managing the Security Configuration Management domain. This role ensures that foundational and advanced controls across platform, network, endpoint and application security configuration are governed by clearly defined standards and measurable control objectives. This position blends deep technical understanding of controls and tooling with architectural oversight and governance rigor ensuring that the firm's operational controls are consistently engineered, validated, and improved across both cloud‑native and on‑premises environments. Job responsibilities Lead the development of technical control objectives and standards for Security Configuration Management and other Cyber domains. Leverages enterprise-authorized AI capabilities within the work environment to accelerate cybersecurity architecture analysis and decisioning (e.g., risk identification and documentation), validating outputs and handling data according to sensitivity and security requirements. Define measurable performance and effectiveness metrics for each control category, integrating telemetry, automation, and operational metrics into governance dashboards. Uses enterprise-authorized AI capabilities within the work environment to accelerate synthesis of risk/control evidence and draft executive-ready reporting, validating outputs and handling data according to sensitivity and security requirements Promotes reuse-first, AI-assisted approaches to streamline recurring control testing and issue/action-plan management routines, ensuring human review and alignment to auditability and regulatory expectations Partner with security engineering and operations teams to evaluate control sufficiency against threat models, regulatory expectations, and internal policies. Govern control implementation and sustainment across hybrid ecosystems (cloud, data center, and user endpoint environments), ensuring consistent security posture. Assess and guide integration of firm wide configuration drift monitoring tools (Evolven, Puppet, Chef, Wiz etc...) with JPMC's GRC ecosystem to align with standardized control objectives. Provide strategic insight into the control posture to architecture and risk governance leadership, driving continuous improvement in control effectiveness and efficiency. Collaborate across architecture, operations, and GRC teams to ensure security configuration, network and endpoint controls align with enterprise configuration standards, policies, and frameworks. Drives reuse-first adoption of AI-assisted security validation within SDLC/toolchain routines, improving control testing and remediation quality with traceability/auditability and resiliency expectations. Formal training or certification with 5+ years of experience in cybersecurity controls architecture, security engineering, or operations leadership (various Cyber domains). Proficient in designing or governing technical control frameworks across hybrid environments (AWS, Azure, on‑premises). Required qualifications, capabilities, and skills Professional certifications such as Cloud Certifications (AWS Solutions Architect, AWS Security Specialist), CISSP, CISM, or GIAC. Experience designing metrics and governance frameworks for Security Configuration Management, SOC, network security, or endpoint control domains. Strong working knowledge of GRC tools like Archer, infrastructure as code, and control enforcement in dynamic and hybrid environments. Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support technology risk and controls workflows with strong validation habits and awareness of data sensitivity. Ability to review and validate AI-assisted risk summaries and recommendations before use, escalating when uncertain and ensuring outcomes align to security, auditability, and regulatory expectations. #CTC ABOUT US JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management. We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretiona

Read the full posting on themuse

FAQ

Is the Tech Risk and Controls Lead role at Meridian Softworks remote?+

This Tech Risk and Controls Lead position is listed as onsite (Columbus, OH).

What seniority level is this Tech Risk and Controls Lead role?+

This is a senior level position.

How do I apply for the Tech Risk and Controls Lead role at Meridian Softworks?+

Use the "Apply on themuse" button to open the original posting on themuse, where you can submit your application directly to Meridian Softworks.