Tech ISM Payments

Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets. Additionally, the ISM will be coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology.  This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.

The Payments ISM will be responsible for overseeing the cybersecurity and technology control posture of our payment applications across the following business product lines: Global Liquidity and Cash Management, Client Service and Implementation, Digital Channels, Trust and Safety (Fraud and Sanctions), Technology for E-Commerce Marketplace, Payments Data Analytics and Solutions, Engineering and Architecture, and Onyx (Blockchain Distributed Ledger).  The Payments ISM will instill appropriate governance to manage and proactively identify issues and changes in the risk profile of the underlying systems.  They will support Application, Product, and Information Owners in understanding the end-to-end risk posture of the applications and infrastructure to ensure appropriate controls are implemented and operating effectively for existing systems and new application development.  The ISM will curate a robust risk and control environment ensuring technology solutions comply with firmwide risk and regulatory requirements.  

This role requires a wide variety of strengths and capabilities, including:

• Technology risk management: candidate likely to have 7+ years technology experience across a broad range of architectures.  Security Architecture experience with hands on experience leading, designing and delivering technology solutions
• Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager, security analyst
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
• Understanding of applicable regulatory standards governing technology payments platforms (e.g., FFIEC, SOC1, SOX, CHAPS, PSD2, etc.)
• Extensive experience with securing cloud (both public and private), multi-tenant and hybrid environments
• Solid experience with designing secure applications from the ground up (SDLC), Data Analytics with AI/ML, and Authentication and Authorization
• Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modeling methodologies (e.g., STRIDE)
• Advanced knowledge of multiple IT control and project management practices and experience working across large environments
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
• Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization
• Understanding of the external threat landscape, threat actors, adversary tactics & techniques, and industry trends
• Strong leadership skills with exceptional communication and presence
• Bachelor’s degree or equivalent experience
• Relevant technical qualifications preferred such as CRISC, CISM, CISA, CISSP, AWS Certified Security, etc.