Job Description
The Information Security Manager (ISM) is responsible for coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.
The role is part of the Cybersecurity & Technology Controls organisation. The group is a risk partner and consultant to the Corporate Investment Bank (CIB), accountable for driving control compliance with policies and standards and targeting prioritized solutions/architectures to reduce risk. We operate within a complex landscape driven by client expectations, the requirements of being a US Broker Dealer and the vastness/variety that comes with operating in 53 countries across the globe. Our thought leadership is required across a broad spectrum of topics in support of CIB's businesses and technologists.
Role scope
· Senior ISM delivering Security Architecture-based consulting services through engagement with senior technology leaders (MD/EDs) across the CIB and CTC global organisations.
· Lead security architecture reviews and control design reviews across a diverse technology estate including Public/Private Cloud, Blockchain & Digital.
· Lead a small team of security architects providing risk advisory service to CIB technology teams and leaders to define and agree technology control designs and strategies inclusive of authentication, authorisation, encryption, data protection and network security domains.
Distinguishing characteristics of the ideal candidate
· Analytical and objective – able to elaborate on, characterize, assess and evaluate technology and technology related risks with clarity and rationale;
· Influencer and facilitator – able to build strong interpersonal relationships, and inform, guide and motivate managers and technologists to address risks with due care and attention to detail;
· Strong communicator – able to explain risks that are often complex and obscure to less expert technologists or risk professionals. Equally good at listening and collaborating effectively with others to enable risk-based responses;
· A self-motivated leader – demonstrating a passion for risk management and thought-leadership in this domain;
· Confident and trustworthy – passionate about building respect and trust across stakeholders and inspiring other ISMs including junior and senior members of the team.
Qualifications, skills and experience
The following are relevant and desirable for this role:
· Technology risk management: candidate likely to have 10+ years technology experience across a broad range of architectures. Security Architecture experience with hands-on experience leading, designing and delivering technology solutions.
· At least 10 years' work experience in the area of technology risk. Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager;
· Relevant technical qualifications such as MIRM, CRISC, CISM, CISA, CISSP, AWS Certified Security etc.;
· Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization.