DescriptionJoin one of the world's most influential companies and leverage your skills in cybersecurity to have a real impact on the financial industry.
As a Lead Cybersecurity Architect at JPMorgan Chase within the Cybersecurity and Technology Controls organization, you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications on modern cloud-based technologies. As a core technical contributor, you are responsible for carrying out critical cybersecurity architecture solutions by identifying, creating, and communicating risk, mitigation options, and solutions across multiple technical areas within various business functions in support of project goals.
Job responsibilities
- Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
- Defines the technical target state of their cybersecurity product and drives achievement of the strategy
- Evaluate current cybersecurity principals, processes, and controls, and new technology using existing standards and frameworks
- Provide technical guidance and direction to support the business and its technical teams, contractors, and vendors
- Work with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
- Serve as a function-wide subject matter and be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains
- Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution and identifying the root cause/key themes.
- Contribute to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Secure Software Development Life Cycle
- Influence peers and project decision-makers to consider the use and application of leading-edge technologies
- Work collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives
Required qualifications, capabilities, and skills
- Formal training or certification on Cybersecurity Architecture concepts and 5+ years applied experience
- Advanced knowledge of cybersecurity architecture/engineering, applications, and technical processes
- Advanced in one or more programming languages such as Python or Java
- Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to:
- Modern Security Engineering/Architecture practices (microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration)
- Technical Service Delivery - Shipping code & features
- Product technologies (Infrastructure, Application)
- Secure Software Development Life Cycle (SSDLC) such as code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning
- Applicable working experience designing and implementing cloud services (IaaS, PaaS, SaaS, etc) offered from public cloud service providers (e.g., AWS, Microsoft Azure, Google etc.)
- Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture
- Experience effectively communicating with senior business leaders
Preferred qualifications, capabilities, and skills
- Experience with terraform enterprise, service control policies, and Kubernetes security
- Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
- Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) or industries with similar risk tolerance