Information Security Management - VP

Job Description

About JPMorgan Chase: The Cybersecurity & Technology Controls (CTC) group at JPMorgan Chase aligns the firm s cybersecurity, access management, controls and resiliency agenda. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; We aim to balance these sound controls with efficiency, through smart process and automation.The group s number one priority is to enable the business by keeping the firm safe, stable and resilient.Role Details:The prime responsibilities of the Information Security Software Engineer role is to identify, quantify and proactively automate tasks currently performed by people, performing the Information Security Manager (ISM) role, as part of supporting making ISMs more efficient in their duties. This exciting role is to join a small engineering team located globally who currently design and develop firmwide automation that assists the larger ISM community. Automation challenges typically include confirming business requirements, identifying systems of record and how to programmatically access them to extract reference data; data joining and processing to provide insightful and informative reports and dashboards to the end users.Automation benefits include reducing risk posture and improving tracking of issue resolution. It is about creating the new NextGen powerful toolset. These tools empower the latest generation of ISM staff as they drive effective risk & controls management and support the business through identification of control weaknesses and recommendations for improved security.Responsibilities:

• Jointly Operating And maintaining the current CT Reporting Suite application framework
• Creating new automations in support of our ISM customers, within the CTRS application
• Advancing use of end to end private cloud to host and deliver our internal services.
• Leveraging and realizing efficiencies possible with the latest tool chain SLDC
• The IS software engineering team have a remit find efficiencies and improvements within their estate; to use imagination and new tooling, to increase capabilities and deliver wins.

Required Skills:

• Programming languages required are: Python, Django,
• Thorough understanding of JSON objects
• Working knowledge of SQL based databases
• Working knowledge of how to call APIs, web requests, web methods of authentication

Preferred Experience:

• HTML, Javascript, CSS, general website development knowledge
• Applicable working experience in multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Preferable Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
• Preferable experience in multiple modern development practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration)
• Preferable experience of Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
• Preferable experience in enterprise Identify and Access Management solutions, (e.g. Federated Identity, Privileged Access management, Active Directory, Role Based Access Control)
• Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
• Preferable experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles.
• Understanding of the external threat landscape, threat actors, adversary tactics & techniques, and industry trends

,

Keyskills :
software development life cyclemicrosoft azurethreat modelingactive directoryservice deliveryaccess managementservice providerssoftware developmentinformation securitysoftware engineeringapplication security