Cybersecurity and Technology Controls’ Firmwide Technology Resiliency (FTR) organization is tasked with ensuring the Firm’s technology estate can maintain effective operations and support the ongoing, critical functioning of Essential Business Services in the face of today’s evolving threat landscape. The FTR team partners across all JPMC Lines of Business and Corporate Functions to drive & deliver the following:
1. Proactive, threat-informed testing, simulations, & assessments that validate readiness and drive down residual risk.
2. An end-to-end technology resiliency control framework linked to robust governance & reporting structures to ensure appropriate visibility and accountability.
3. A multi-year, prioritized resiliency investment strategy focused on uplifting core tooling, capabilities, and controls to enable the Firm’s top strategic priorities across key areas such as Public Cloud, Technology Modernization, AI/ML, and ongoing business expansion (among others)
4. Ongoing regulatory & financial industry engagement to support the strengthening of sector-level resiliency & readiness
5. Proactive threat and vulnerability analyses that ensure the above activities are grounded in the current risk landscape and most plausible disruptive scenarios.
As a Senior Lead Cybersecurity Architect in FTR, you will be an integral part of a dynamic team that works to develop high-quality cybersecurity solutions for various software applications and platform products. Partnering with other members of Cybersecurity, Line of Business Resiliency Leads and technologists across the firm in developing real life scenarios. Ensuring that resiliency is designed across the life cycle of both infrastructure technology and applications, thereby driving the timely and successful execution of the firmwide Recovery and Resiliency strategy. In addition, you will drive significant business impact through your capabilities and contributions and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity and resiliency challenges that span multiple technology domains.
You should be a strong technologist who is flexible, resilient, an innovative thinker, as well as a natural collaborator with enterprise architects, engineers, developers, and senior management from across the organization. As a Senior Lead Cybersecurity Architect, with a focus on resiliency you would be expected to lead and promote resilient architecture enabling resiliency/agility within our global technology products. In addition, you must possess strong technical leadership skills, the ability to influence at all levels of the organization, demonstrated success in working with teams particularly in a matrix fashion, and communicate effectively through clarity of thought and demonstrated understanding of business and technical requirements. Additionally, you would have been in a cybersecurity engineering / architecture role with some application knowledge.
Job responsibilities
6. Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
7. Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors
8. Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
9. Serves as function-wide subject matter expert in one or more areas of focus
10. Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle
11. Influences peers and project decision-makers to consider the use and application of leading-edge technologies
12. Adds to team culture of diversity, equity, inclusion, and respect
13. Work closely with Line of Business architects and Product infrastructure technologists to develop resilient architectures, design patterns and solutions that cover primary Plausible Destructive Event scenarios, ensuring that these are designed and implemented in a resilient manner
14. Be key Subject Matter Expert leader across the technology organization on resiliency programs and initiatives
15. Provide guidance and oversight in the development and implementation of resiliency controls to provide continuous monitory of the Firms capability to recover from a cyber malware event. As well as ensuring that Cyber recovery playbooks are clearly defined, documented, communicated, adhered to, and are audit compliant
16. Define and implement post-mortem / root-cause analysis processes – develop improved testing scenarios based upon analysis
Required qualifications, capabilities, and skills
17. Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
18. Advanced in one or more programming languages or applications
19. Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (., public cloud, artificial intelligence, machine learning, mobile,
20. Ability to tackle design and functionality problems independently with little to no oversight
21. Practical cloud native experience
22. Ability to evaluate current and emerging technologies to select or recommend the best solutions for the future state architecture
23. Proven leader with successful track record driving large scale technology projects from inception to implementation, including strength in both business and technical requirements analysis
24. Ability to think strategically on how to create firm wide solutions to meet business requirements and ability to communicate effectively to both business and technical audiences coupled with strong written and verbal communication skills, including the ability to present to larger audience and manage large working group
25. Ability to orchestrate and drive complex strategies and solutions
26. Proven ability to build strong, cohesive partnerships with the business, operations, technology & other key stakeholders, including external vendor partners, and work effectively in a matrix organization
27. Superior analytical and problem-solving skills, including the ability in conducting security design reviews and recognizing vulnerabilities in systems
Preferred qualifications, capabilities, and skills
28. Strong hands-on experiences and technical depth in one, or more technology areas, including Data security, Infrastructure security, Endpoint/Platform security, Distributed Technologies, Replication technology, data security, Cloud or Application Security. Some Programming experiences in one or more languages (scripting/functional/imperative -- C/C++, Java, Python, Scala, R, SQL, would be advantageous
29. Knowledge of network security architecture concepts, including topology, protocols, components, and principles would be advantageous
30. Prior experience in cybersecurity design / engineering would be advantageous
31. Prior experience in disaster and/or cyber recovery planning and testing would be advantageous.
32. Prior experience working with external auditors and regulators would be advantageous
33. In depth knowledge of system and application vulnerabilities. OWASP, NIST, SANS…
34. Bachelor's degree in Computer Science, or a related field as well as accreditation in CISSP, CISM, CISA, CRISC, AWS would be a bonus