DescriptionJoin one of the world's most influential companies and leverage your skills in cybersecurity to have a real impact on the financial industry.
As a Lead Cybersecurity Architect at JPMorgan Chase within the Cybersecurity Technology & Controls organization, you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications on modern cloud-based technologies. As a core technical contributor, you are responsible for carrying out critical cybersecurity architecture solutions by identifying, creating, and communicating risk, mitigation options, and solutions across multiple technical areas within various business functions in support of project goals.
Job responsibilities
- Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
- Embed threat modelling, solutions architecture, secure code review into product and application teams so they adopt our control products and create products that are secure from the start
- Solve for complex problems on the cutting edge of fields such as Payments and banking APIs
- Evaluate current cybersecurity principals, processes, and controls, and new technology using existing standards and frameworks
- Provides technical guidance and direction to support the business and its technical teams, contractors, and vendors
- Serves as a function-wide subject matter expert; Will be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains.
- Proactively monitors Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution and identifying the root cause/key themes.
- Contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Secure Software Development Life Cycle
- Influences peers and project decision-makers to consider the use and application of leading-edge technologies
- Works collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives.
Required qualifications, capabilities, and skills
- Formal training or certification on engineering concepts and 5+ years applied experience
- Hands-on practical experience delivering enterprise-level cybersecurity solutions and controls
- Experience with security, networking, K8S, Python GoLang, Compliance and regulatory policies
- Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to:
- Modern Security Engineering/Architecture practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration)
- Technical Service Delivery - Shipping code & features
- Product technologies (i.e., Infrastructure, Application)
- Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning
- Applicable working experience designing and implementing cloud services (e.g., IaaS, PaaS, SaaS, etc.) offered from public cloud service providers (e.g., AWS, Microsoft Azure, Google etc.)
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for the future state architecture
- Experience effectively communicating with senior business leaders
Preferred qualifications, capabilities, and skills
- Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
- Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) preferred but not required
- Banking experience preferred but experience in industries with similar risk tolerance is acceptable
- Understanding of the financial services industry and their IT systems