Security Architect, Vice President - (Singapore or Hong Kong based)
Who We Are
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.7 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at www.jpmorganchase.com . What it Means To Work Here
Here, you'll feel welcomed and valued. Our clients, transactions, deals and projects are global so we work hard to create diverse, inclusive teams that support our business and each other. Learnabout our culture here .
Working asan Architect, your passion for technology and thirst for innovation will helpshape the future of global digital commerce, now and for years to come. Everyday, you'll bring critical day-to-day leadership and thinking to the table,working with teams of architects, aligning cross-functional projects, ensuringthat they're within reason, fiscally and technically. You'll collaborate withinternal teams and business leaders alike, creating strategically sound TargetState Architectures. You will have a major say in budgeting, hiring, mentoring,setting priorities and fostering a client-centric environment where everyonelearns and grows. At the end of the day, your work will have tremendous and positiveimpact, whether it's in-house, in collaboration with technologists acrossJPMorgan Chase & Co.'s global technology community or in partnership withsome of the most important tech firms in the world.
As an experienced professional in our cybersecurityorganization, you won't just watch over our data - you will find innovative newways to protect it today and into the future. To do that, you'll focus onanalyzing, designing, developing and delivering solutions built to stopadversaries and strengthen our security postures. You'll use your leadershipskills to secure complex environments, guide others, advise on best practicesand support our business and technology groups. What You Will Be Doing:
You will be taking a lead architectrole in the Greater China and Southeast regions. You'll help secure the firmthru secure design principals, harden reference architectures, best practices,new policies and emerging trends to strengthen our strategic roadmap. You willinterface with staff at all levels of the organization and the ability toremain technical while managing business expectations is highly important. By presenting your findings to seniorleaders, you'll sharpen your communication and presentation skills. As part ofour global team of technologists and innovators, your work will have a criticalimpact on our company, as well as our clients and our business partners aroundthe world.
- This is a hands-on builder & advisory role.
- Define, Deliver and maintain secure architecturethroughout the existing and future environments, consisting of complex, globalarchitectures.
- Secure modern technologies such as cloud, Kubernetes,containers, & serverless platforms to support the business, while remainingsecure and mitigating risk.
- Provide Subject Matter Expertise for Cyber Defenseteams and multiple lines of business, forums, panels, internal and external auditors,business partners, and senior management.
- Introduce improvements in implementation patterns andarchitectural design concepts.
- Be a strong technologist and a natural collaborator acrossthe firm.
- Research, design and apply advanced security techniques.
- Manage individual project priorities, deadlines and deliverables.
- Perform detailedgap analysis for impacting Regulatory events
- Mapping of greaterChina and Southeast Asia regulations to design principals.
- Partnering with the Global Technology Infrastructure (GTI) and othertechnical teams to ensure area owners are advise and oversee securitydesign and implementation are applied in a timely manner.
- Overseeing andensuring proper closure of regulatory change disposition in a timely manner andescalate to senior management as appropriate.
- Providing input tostrategic discussions to stakeholders inside the group and across the firm associatedwith improvement opportunities.
- Providing regularmanagement reporting to senior management and relevant stakeholders in businessunits.
This role requires a wide variety of strengths and capabilities, including:
- Minimum 10+ years of experience in Information security in an architect or similar role.
- Background in infrastructure, networking, & software engineering desired.
- Experience in security operations, risk management, security processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies.
- Well versed in application secure design principles, common attack patterns, OWASP top 10 risks/vulnerabilities/solutions and frameworks, etc.
- Knowledge of Threat Intel, APT groups, malware analysis, CAPSEC, MITRE ATT&CK framework is recommended.
- Understanding of SAML, ADFS, Privileged Access management, Active Directory, RBAC and Identity management in an enterprise environment.
- Experience in risk-based authentication and step up protective measures.
- Understanding of information security and risk management challenges, issues mitigations and remediation in a multi-national enterprise environment.
- Knowledge in Agile and can work with at least one of the common frameworks
- Breadth of experience across domains (e.g., enterprise security architecture, compute services, storage, networking, virtualization, data center, integration architecture (API), orchestration technologies (Openstack/Cisco), application development lifecycle management (DevOps, CI/CD), and service delivery).
- Demonstrated experience operating as a leader and leading others either directly or thru mentorship.
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
We recognize that our people are our strength and the diverse talents they bring to our global workforce is directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, or disability, or any other basis protected under applicable local law. In accordance with applicable local law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.