Sr. Lead Cyber Security Architect

Overview

Join one of the world's most influential companies and leverage your skills in cybersecurity to have a real impact on the Payments industry. As a Sr. Lead Cybersecurity Architect at JPMorgan Chase within the Cybersecurity and Technology Controls organization, you are an architect & trusted advisor working with developers, architects, and technology teams supporting our Payments organization. In this role, you will partner with internal customers, to ensure the World-Class solutions being built are designed and brought to life securely.

You will be a trusted advisory to project and product leads, and a technical resource capable of going deep when needed. This role will support internal technologists around the globe in support of business growth, adoption of modern technologies, and varying technology integrations.

• Technical contributor and expected to apply your expertise in cybersecurity engineering, application, cryptography, and architecture domains to operate as the security-lead part of projects and initiatives supporting Payments. Define, Design, and Guide security throughout existing and future payment technology environments.
• Work with internal technology team to ensure security and compliance is designed from-the-start for modern technology stacks such as point-of-sale devices (POS), device key and identity management, public cloud connectivity, API gateways, & hybrid environments.
• Advise and assist on opportunities for architectural patterns, repeatability, and advise on deviations. In this context, a strong understanding of security tooling is important as you as you will advise your stakeholders on how and where to leverage various security products to mitigate risk.
• Assess & Review architectures across various platforms (on-prem, cloud, modern technologies, etc.) and independently conduct design reviews, threat modeling and structured architecture reviews.
• Translate and advise on technical designs that must meet risk profile and compliance needs in a global context. Including cross-border, data sovereignty, and design/advise to ensure our tech teams meet respective regulatory requirements applicable to their workloads.
• Partnering with our Commercial and Investment Bank and other technical teams toensure area owners are advise and oversee security design and implementation, applied in a timely manner. Providing regular management reporting to senior management and relevant stakeholders in business units.
• Design security solutions to manage risk for new and emerging technologies in the Payments space.
• Perform threat modelling to identify potential security risks and develop mitigation strategies. Use your knowledge of applicable regulatory requirements such as PCI-DSS, HIPAA, etc. to design secure architectures that both meet security, risk, and compliance requirements.

• Formal training or certification on cybersecurity architecture concepts and 5+ years applied experience.
• Practical working knowledge of, or experience architecting and providing security guidance inline with industry frameworks applicable to Payments (ie: PCI-DSS, HIPAA, etc.).
• Hands-on experience in threat modeling and designing secure controls for enterprise-level solutions. Thorough design and security architecture experience in one or more of the large public cloud providers. (e.g. AWS, Azure, Google Cloud) Certifications advantageous.
• Experience designing secure solutions specific securing (payments) flows between 3rdparties or business partners.
• Experience with Point of Sale (POS) device security, key management, identity, and interconnectivity with hybrid environments, third parties, and on-prem ecosystems. In-depth knowledge of the financial services industry and their IT systems

• Security architecture role or responsibilities at large enterprise, global scale. Experience working with AI models and complex distributed data sets. API Gateway security expertise.
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory…