Information Security Manager

JP Morgan

Location: Greater London

Job Type: Full time


Role purpose and nature

The Information Security Manager (ISM) is responsible for coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.

Role is part of the Cybersecurity & Technology Controls organisation. The group is a risk partner and consultant to the Corporate Investment Bank (CIB), accountable for driving control compliance with policies and standards and targeting prioritized solutions/architectures to reduce risk. We operate within a complex landscape driven by client expectations, the requirements of being a US Broker Dealer and the vastness/variety that comes with operating in 53 countries across the globe. Our thought leadership is required across broad spectrum of topics in support of CIBs businesses and technologists.

Role scope
  • ISM delivering Security Architecture based consulting services through engagement with technology leaders across the CIB and CTC global organisations.
  • Conduct security architecture reviews and control design reviews across a diverse technology estate including Public/Private Cloud, Blockchain & Digital.
  • Member of security architects providing risk advisory service to CIB technology teams and leaders to define and agree technology control designs and strategies inclusive of authentication, authorisation, encryption, data protection and network security domains.
Distinguishing characteristics of the ideal candidate
  • Analytical and objective – able to elaborate on, characterize, assess and evaluate technology and technology related risks with clarity and rational;
  • Influencer and facilitator – able to build strong interpersonal relationships, and inform, guide and motivate managers and technologists to address risks with due care and attention to detail;
  • Strong communicator – able to explain risks that are often complex and obscure to less expert technologists or risk professionals. Equally good at listening and collaborating effectively with others to enable risk based responses;
  • A self-motivated leader - demonstrating a passion for risk management and thought-leadership in this domain;
  • Confident and trustworthy - passionate about building respect and trust across stakeholders and inspire other ISMs including junior and senior members of the team.
Qualifications, skills and experience

The following are relevant and desirable for this role:

  • Technology risk management: candidate likely to have 7+ years technology experience across a broad range of architectures. Security Architecture experience with hands on experience leading, designing and delivering technology solutions.
  • At least 7 years work experience in the area of technology risk. Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager or Business Continuity Manager, security analyst.
  • Extensive experience with securing cloud(both Public and private), multitenant and Hybrid environments.
  • Solid experience designing secure applications from the ground up (SSDLC)
  • Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modeling methodologies (e.g. STRIDE)
  • Conduct manual, language agnostic code review to identify security related vulnerabilities
  • Relevant technical qualifications such as MIRM, CRISC, CISM, CISA, CISSP, AWS Certified Security etc;
  • Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization.
You’ve got this!