Tech ISM Payments

Job Description
Our Information Security professionals are passionate about information security and control solutions for computing environments. While managing a world-class team of technology experts, you'll partner with one or more disciplines, lines of business, regions or locations to respond to evolving business requirements and emerging threats. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments, identifying threats, communicating with senior leaders and other stakeholders, and managing budgets. Additionally, the ISM will be coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.
The Payments ISM will be responsible for overseeing the cybersecurity and technology control posture of our payment applications across the following business product lines: Global Liquidity and Cash Management, Client Service and Implementation, Digital Channels, Trust and Safety (Fraud and Sanctions), Technology for E-Commerce Marketplace, Payments Data Analytics and Solutions, Engineering and Architecture, and Onyx (Blockchain Distributed Ledger). The Payments ISM will instill appropriate governance to manage and proactively identify issues and changes in the risk profile of the underlying systems. They will support Application, Product, and Information Owners in understanding the end-to-end risk posture of the applications and infrastructure to ensure appropriate controls are implemented and operating effectively for existing systems and new application development. The ISM will curate a robust risk and control environment ensuring technology solutions comply with firmwide risk and regulatory requirements.
This role requires a wide variety of strengths and capabilities, including:

• Technology risk management: candidate likely to have 7+ years technology experience across a broad range of architectures. Security Architecture experience with hands on experience leading, designing and delivering technology solutions
• Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager, security analyst
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
• Understanding of applicable regulatory standards governing technology payments platforms (e.g., FFIEC, SOC1, SOX, CHAPS, PSD2, etc.)
• Extensive experience with securing cloud (both public and private), multi-tenant and hybrid environments
• Solid experience with designing secure applications from the ground up (SDLC), Data Analytics with AI/ML, and Authentication and Authorization
• Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modeling methodologies (e.g., STRIDE)
• Advanced knowledge of multiple IT control and project management practices and experience working across large environments
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
• Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization
• Understanding of the external threat landscape, threat actors, adversary tactics & techniques, and industry trends
• Strong leadership skills with exceptional communication and presence
• Bachelor's degree or equivalent experience
• Relevant technical qualifications preferred such as CRISC, CISM, CISA, CISSP, AWS Certified Security, etc.

About Us
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
About the Team
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.