Principal Cybersecurity Architect - Database Security Product Security Lead

Take your engineering expertise to new heights by joining a team of exceptionally talented professionals and solidify your place among top performers in the industry.

As a Principal Cybersecurity Architect at JPMorganChase within the Cybersecurity and Technology Controls line of business, you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities to identify, communicate, and mitigate risk, and collaborate with colleagues across the organization to drive best-in-class outcomes.

This role serves as a Product Security Lead (PSL) for the database product line, you will work proactively with your technology and business colleagues to identify and quantify security issues within their products and empower them to take decisive risk decisions at speed and scale. You are a security expert with a strong mix of database technology and communication skills and are passionate about enabling safe and secure innovation to make database products secure. You will work with some of the best and brightest cybersecurity and technology engineers to solve complex problems which will both challenge you and help you develop your skills in one of the most innovative and respected companies in the world.

Job responsibilities

• Cultivate security culture. Products that have the right security culture will strive to prioritize sustainable controls and driving real risk reduction outcomes.
• Embed threat modeling, security architecture, secure code review into product and application teams so they adopt our control products and create products that are secure from the start.
• Know database products across their breadth and depth. Be fluent in your products strategy and roadmap as well as its key investment programs.
• Be your products security thought leader. Learn from your product and cybersecurity teams and share best practice in both directions. Be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains.
• Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause
• Work collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives.
• Advises cross-functional teams on technology selections and decisions to achieve target state cybersecurity on improvements to current cybersecurity parameters
• Develops multi-year roadmaps aligned with business and architecture strategy and priorities
• Serves as the functions go-to subject matter expert and drives thought leadership within the product line
• Contributes to the development of technical methods in cybersecurity in line with the latest product development methodologies
• Participates in the firms culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on cybersecurity architecture concepts and 10+ years applied experience
• Experience in a successful security and risk organization with strong security and technical skills. Experience of operating in a regulated organization with a 3LoD (Line of defense) model is also needed
• Delivery excellence mixed with strategic vision.
• Able to communicate effectively and authoritatively with technical and non-technical stakeholders at all levels of the organization.and clearly explain complex technical concepts in simple terms.
• Demonstrated success in influencing peers inside and outside your department.
• Ability to drive change across organizations, collaborating with partners across Global Tech and other Lines of Business,identify challenges and engage resources across all roles and levels to identify and implement innovative solutions, and quickly digest new information/technologies and apply diverse experience and principles to be able to quickly come up to speed and add value in product security discussions.
• Demonstrated experience / understanding with platform technologies including but not limited to: 1) A detailed, technical understanding of Public Cloud computing (GCP/AWS). Especially how Public Cloud services are hardened, and controls are applied to secure data, ensure resiliency/availability as well as prevent unauthorized access. 2) APIs/ micro-services 3) Database Technology 4) Identity & Access Management as well as Secrets Management, 5) Securing Software as a Service (SaaS) tool, 6) Securing Containerized workloads at build and runtime
• Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• Experience applying expertise and new methods to determine solutions for complex architecture problems in one or more technical disciplines
• Ability to present and effectively communicate with senior leaders and executives
• Understanding of the business and knowledgeable of latest risk trends in the internal and external environments

Preferred qualifications, capabilities, and skills

• Demonstrated ability to collaborate on, and/or lead, ad hoc teams for control architecture and design.
• Experience within Line of Business teams with ability to leverage business perspectives when solving technology challenges
• Experience fulfilling audit requests, challenging observations/findings and driving successful outcomes in technology audits
• Proven ability to drive change in policy and control requirements at a firmwide level
• Experience translating firmwide policy or regulatory requirements into control design and definition for Software Engineers and Solutions Architects
• Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) preferred but not required
• Thinks in terms of risks and outcomes, and able to translate those into actions required to achieve business and technology goals. Proven experience of upskilling and learning modern technologies.