Location: Chicago, IL, United States

Join one of the world's most influential companies and leverage your skills in cybersecurity to have a real impact on the Payments industry.

As a Sr. Lead Cybersecurity Architect at JPMorgan Chase within the Cybersecurity and Technology Controls organization, you are an architect & trusted advisor working with developers, architects, and technology teams supporting our Payments organization.  In this role, you will partner with internal customers, to ensure the World-Class solutions being built are designed and brought to life securely.  

 You will be a trusted advisory to project and product leads, and a technical resource capable of going deep when needed. This role will support internal technologists around the globe in support of business growth, adoption of modern technologies, and varying technology integrations.

 

Job Responsibilities:

• Technical contributor and expected to apply your expertise in cybersecurity engineering, application, cryptography, and architecture domains to operate as the security-lead part of projects and initiatives supporting Payments. Define, Design, and Guide security throughout existing and future payment technology environments.
• Work with internal technology team to ensure security and compliance is designed from-the-start for modern technology stacks such as point-of-sale devices (POS), device key and identity management, public cloud connectivity, API gateways, & hybrid environments.
• Advise and assist on opportunities for architectural patterns, repeatability, and advise on deviations. In this context, a strong understanding of security tooling is important as you as you will advise your stakeholders on how and where to leverage various security products to mitigate risk. 
• Assess & Review architectures across various platforms (on-prem, cloud, modern technologies, etc.) and independently conduct design reviews, threat modeling and structured architecture reviews.
• Translate and advise on technical designs that must meet risk profile and compliance needs in a global context. Including cross-border, data sovereignty, and design/advise to ensure our tech teams meet respective regulatory requirements applicable to their workloads.
• Partnering with our Commercial and Investment Bank and other technical teams to ensure area owners are advise and oversee security design and implementation, applied in a timely manner. Providing regular management reporting to senior management and relevant stakeholders in business units.
• Design security solutions to manage risk for new and emerging technologies in the Payments space.
• Perform threat modelling to identify potential security risks and develop mitigation strategies. Use your knowledge of applicable regulatory requirements such as PCI-DSS, HIPAA, etc. to design secure architectures that both meet security, risk, and compliance requirements.

 

Required Qualifications, Capabilities, and Skills:

• Formal training or certification on cybersecurity architecture concepts and 5+ years applied experience.
• Practical working knowledge of, or experience architecting and providing security guidance inline with industry frameworks applicable to Payments (ie: PCI-DSS, HIPAA, etc.).
• Hands-on experience in threat modeling and designing secure controls for enterprise-level solutions. Thorough design and security architecture experience in one or more of the large public cloud providers. (e.g. AWS, Azure, Google Cloud) Certifications advantageous. 
• Experience designing secure solutions specific securing (payments) flows between 3
  rd
   parties or business partners.
• Experience with Point of Sale (POS) device security, key management, identity, and interconnectivity with hybrid environments, third parties, and on-prem ecosystems. In-depth knowledge of the financial services industry and their IT systems  

 

Preferred Qualifications, Capabilities, and Skills:

• Security architecture role or responsibilities at large enterprise, global scale. Experience working with AI models and complex distributed data sets. API Gateway security expertise.
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection . Risk management, governance, risk & compliance experience – preferably intersected with technical design and architectural inputs.
• Cryptography experience in regard to key and secrets management for peripherals such as point-of-sale (POS) devices or IoT devices is helpful.  Experience designing secure solutions specific to hybrid connectivity both in house across platforms and cloud providers. Experience managing Identity and Access Management (IAM) in an enterprise and hybrid environments.
• Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using formalized Threat Modeling methodologies (e.g., STRIDE). Experience in Application Security, background in penetration testing will be helpful in this role

#CTC

Drive significant business impact and tackle cybersecurity architecture challenges across CIB Payments applications and platforms.