Cloud Information Security Manager (ISM) for Payments Technology

Company: JPMorgan Chase & Co.
Location: Plano
Posted on: March 19, 2023

Job Description:

Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the World's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.

Summary

Cybersecurity & Technology Controls (CTC) is part of the broader Global Technology organization Our mission is to ensure the security and resiliency of the computing environment, protect confidential information, comply with regulatory requirements, and manage risk and controls for the firm, globally. We accomplish this through strong information security leadership and active collaboration with line of business information security managers to provide high quality security solutions and services that are focused on improving the overall technology risk posture.

As an experienced professional in our cybersecurity organization, you won't just watch over our data - you will find innovative new ways to protect it today and into the future. To do that, you'll focus on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our security postures. You'll use your leadership skills to secure complex environments, guide others, advise on best practices and support our business and technology groups. You'll help secure the firm thru secure design principals, harden reference architectures, best practices, new policies and emerging trends to strengthen our strategic roadmap. You will interface with staff at all levels of the organization and the ability to remain technical while managing business expectations is highly important. By presenting your findings to senior leaders, you'll sharpen your communication and presentation skills. As part of our global team of technologists and innovators, your work will have a critical impact on our company, as well as our clients and our business partners around the world.

This role will have opportunity to interact with internal technologists around the globe in support of business growth, adoption of modern technologies, and mergers and acquisitions.

What You Will Be Doing:

This is a technical trusted-advisor role working with our payment architects and technology teams. In this role, you will partner with internal customers, to ensure the World-Class solutions being built are designed and brought to life securely. To be successful in this role, you have experience in cloud and hybrid architectures, ability to translate deeply technical solutions to higher-level stakeholders, explain and manage risk, and be the voice to ensure technical solutions are designed to meet compliance requirements (i.e.: PCI-DSS).

This role is hybrid between solutions architect, technical risk advisor, and internal consultant. You have experience in various security, risk & compliance domains such as; tech, cyber, cloud, compliance, API, and Microservices.

* Define, Design, and Guide secure architecture throughout existing and future payment technology environments.
* Work with internal technology team to ensure security and compliance is designed from-the-start for modern technology stacks such as public cloud, containers, API gateways, microservices & serverless platforms.
* Advise and assist on opportunities for architectural patterns, repeatability, and advise on deviations. In this context, a strong understanding of security tooling is important as you as you will advise your stakeholders on how and where to leverage various security products to mitigate risk.
* Be the trusted advisor to your respective stakeholders to consultant and manage risk in their space.
* Be a strong technologist and a natural collaborator across the firm.
* Research, design and apply advanced security techniques such as threat modeling and structured architecture reviews.
* Translate and advise on technical designs that must meet risk profile and compliance needs in a global context. Including cross-border, data sovereignty, and design/advise to ensure our tech teams meet respective regulatory requirements applicable to their workloads.
* Partnering with our Commercial and Investment Bank and other technical teams to ensure area owners are advise and oversee security design and implementation, applied in a timely manner.
* Ability to translate deeply technical concepts into risk, compliance, and to business stakeholders.
* improvements in implementation patterns and architectural design concepts.
* Providing regular management reporting to senior management and relevant stakeholders in business units.

Qualifications

* Minimum 5+ years of experience in Information security in an operation, engineering, or technical architect role.
* Background in infrastructure, system administration, & secure software development lifecycle desired, with requirement of professional security experience.
* Combination of experience with security tooling & products, risk management, standards, architecture principles, threat and vulnerability management, and incident response methodologies.
* Professional experience with modern technologies such as public cloud (AWS, Azure, etc.), hybrid architectures, containerization and orchestration (Kubernetes), API security, & microservice architectures.
* Understanding or hands on experience with programming languages is desired.
* Versed in application and secure software design principles, web application security and related attack patterns (OWASP Top-10), and technical mitigation solutions.
* Solid understanding of Identity and Access Management (IAM) in an enterprise and hybrid environments, not limited to SSO, Oauth, SAML, AD & ADFS, Privileged Access Management, RBAC, etc.
* Understanding of information security and risk management challenges, issues mitigations and remediation in a multi-national enterprise environment.
* Professional experience with regulatory and compliance requirements, specifically direct involvement in designing technology to meet compliance controls, is highly desired.
* Demonstrated experience operating as a leader and leading others either directly or by mentorship or partnership.

Keywords: JPMorgan Chase & Co., Plano , Cloud Information Security Manager (ISM) for Payments Technology, Executive , Plano, Texas