
Compliance - CCOR Risk Management Director - Executive Director
JPMorgan Chase & Co., New York, NY, United States
Bring your expertise to JPMorganChase. As part of Risk Management and Compliance, you are at the center of keeping JPMorganChase strong and resilient. You help the firm grow its business in a responsible way by anticipating new and emerging risks, and using your expert judgement to solve real-world challenges that impact our company, customers and communities. Our culture in Risk Management and Compliance is all about thinking outside the box, challenging the status quo and striving to be best-in-class.
As an Executive Director in Data and AI Compliance, Conduct and Operational Risk (CCOR), you will provide second line of defense (2LoD) independent oversight across the Chief Data & Analytics Office (CDAO) Product and Platform organization, with a focus on Data/AI platforms, model ingestion and onboarding, agentic systems, and external AI services. You will develop and execute targeted review strategies across the AI technical supply chain—data flows, integrations, access controls, logging/traceability, and data residency—ensuring products and platforms operate within the firm’s risk appetite and align to regulatory expectations.
Your role will report to the Head of AI, CCOR, and provide independent 2LoD oversight across the CDAO Product & Platform data and AI portfolio, spanning internally built products and third‑party/SaaS capabilities (e.g., data access and connectivity, governance/lineage/metadata, model development and notebooks, model serving, agentic capabilities, and managed data/AI platforms). You will assess whether risks are appropriately identified and controlled throughout the product lifecycle (including logging/traceability, data residency, third‑party risk, access/entitlements, and human‑in‑the‑loop safeguards where applicable), challenge and influence teams to remediate gaps, and escalate through governance channels or other mechanisms when needed to achieve acceptable risk outcomes.
Job Responsibilities
- Provide strategic guidance and proactive 2LoD oversight through targeted assessments of CDAO Product & Platform governance, processes, and control environments across the data and AI portfolio.
- Apply technical architecture expertise to challenge how data/AI services are designed and consumed (e.g., APIs, managed services, model gateways, identity and access patterns, orchestration layers), with a focus on secure control points and end-to-end auditability.
- Drive first line accountability for defining and reporting meaningful KRIs and control evidence (e.g., logging/traceability, data residency adherence, third-party dependencies, exception trends), and challenge content, quality, and outcomes as needed.
- Serve as an independent challenger for third-party/SaaS and managed AI platforms, validating risk and control expectations for data sharing/egress, vendor usage constraints, and operational resilience.
- Oversee governance for GenAI and agentic systems (including tool-enabled assistants and external model integrations), ensuring proportionate guardrails, least-privilege access, human oversight where required, and defined stop/containment mechanisms.
- Provide 2LoD oversight of foundational data governance products (inventory/CDE, metadata, lineage, catalog, data quality), ensuring they enable compliant data use and support obligations such as BCBS 239 across CDAO Product & Platform.
- Influence and reinforce right risk behaviors within Product & Platform teams by requiring appropriate SME engagement, clear ownership, timely remediation, and consistent follow-through to closure.
- Stay current on evolving AI regulations and AI risk frameworks and translate them into actionable oversight expectations, review checklists, and audit-ready documentation.
Required qualifications, capabilities and skills
- Significant relevant experience in (a) data/AI product and platform delivery with strong control-by-design practices, or (b) risk/governance oversight across data/AI and cloud with demonstrated independent challenge.
- Demonstrated ability to operate with credible challenge and strong governance discipline (e.g., driving first line ownership, reviewing evidence, documenting risk positions, and escalating issues to resolution), while collaborating effectively with senior stakeholders and partners.
- Demonstrable technical architecture fluency, with experience assessing and challenging designs for data/AI platforms and integrations (APIs and managed services, security gateways, IAM/least privilege, logging/observability, data residency and egress controls).
- Strong understanding of AI/LLM capabilities and risks across the lifecycle (model onboarding/ingestion, retrieval/RAG patterns, model serving) and associated control points (traceability, access, data handling), including assessing control design and operational effectiveness in fast-changing environments.
- Experience with agentic AI architectures and tool-enabled assistants (e.g., overseeing “Claude Code”-style deployments), including guardrails, access boundaries, traceability, and human oversight appropriate to risk.
- Strong analytical and issue-spotting capability to drive risk decisions.
- Excellent communication and counseling skills (including client-facing experience), with ability to translate complex technical topics into clear risk positions, influence outcomes, prioritize across competing demands, and drive closure on remediation action.
Preferred qualifications, capabilities and skills
- Awareness of evolving AI regulations and AI risk frameworks, with ability to translate them into practical governance, controls, and operating model requirements (e.g., EU AI Act, NIST AI RMF; familiarity with NIST/ISO is beneficial).
- Experience in a regulated environment is preferred (including roles within major cloud/service providers supporting regulated customers).