Tech ISM – Payments
The Information Security Manager (ISM) is responsible for coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.
The role is part of the Cybersecurity & Technology Controls organization . The group is a risk partner and consultant to the Corporate Investment Bank (CIB), accountable for driving control compliance with policies and standards and targeting prioritized solutions/architectures to reduce risk. We operate within a complex landscape driven by client expectations and the vastness/variety that comes with operating in 53 countries across the globe.
The Payments Channels, Trust & Liquidity (CTL) ISM Lead will be responsible for overseeing the cybersecurity and technology control posture of our payment applications supporting the following business product lines: Global Liquidity and Cash Management, Client Service and Implementation, Digital Channels, Trust and Safety (Fraud and Sanctions), Technology for E-Commerce Marketplace, Payments Data Analytics and Solutions, Engineering and Architecture, and Onyx (Blockchain Distributed Ledger). The Payments CTL ISM Lead will instill appropriate governance to manage and proactively identify issues and changes in the risk profile of the underlying systems. They will support Application, Product, and Information Owners in understanding the end-to-end risk posture of the applications and infrastructure to ensure appropriate controls are implemented and operating effectively for existing systems and new application development. The ISM will curate a robust risk and control environment ensuring technology solutions comply with firmwide risk and regulatory requirements.
Qualifications, Skills, and Experience:
- Technology risk management: candidate likely to have 7+ years technology experience across a broad range of architectures. Security Architecture experience with hands on experience leading, designing and delivering technology solutions
- Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager, security analyst
- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
- Understanding of applicable regulatory standards governing technology payments platforms (e.g., FFIEC, SOC1, SOX, CHAPS, PSD2, etc.)
- Extensive experience with securing cloud (both public and private), multi-tenant and hybrid environments
- Solid experience with designing secure applications from the ground up (SDLC), Data Analytics with AI/ML, Authentication and Authorization, and Blockchain
- Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modeling methodologies (e.g., STRIDE)
- Advanced knowledge of multiple IT control and project management practices and experience working across large environments
- Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
- Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
- Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization
- Understanding of the external threat landscape, threat actors, adversary tactics & techniques, and industry trends
- Strong leadership skills with exceptional communication and presence
- Bachelors degree or equivalent experience
- Relevant technical qualifications preferred such as CRISC, CISM, CISA, CISSP, AWS Certified Security, etc.
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the worlds most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants and employees religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the WELL Health-Safety Rating for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firms current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firms vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
Equal Opportunity Employer/Disability/Veterans
Jersey City,NJ $128,250.00 – $190,000.00 / year