Information Security Manager Lead (EMEA Payments)

JP Morgan

Location: Dorset

Job Type: Full time


The Information Security Manager (ISM) is responsible for coordinating the organization, framework, program and approach for the JPMC security architecture, policies, standards, risk assessments, monitoring, and certification around technology. This role engages in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators.

The role is part of the Cybersecurity & Technology Controls organisation. The group is a risk partner and consultant to the Corporate Investment Bank (CIB), accountable for driving control compliance with policies and standards and targeting prioritized solutions/architectures to reduce risk. We operate within a complex landscape driven by client expectations and the vastness/variety that comes with operating in 53 countries across the globe.

Role Scope

The EMEA Payments ISM Lead will be responsible for overseeing the cybersecurity and technology control posture of our payments platforms operating across the high value, low value, and real-time payment environments. Within EMEA, JP Morgan conducts business on multiple payment schemes including BACS, SEPA, SEPA Instant, UKFPS and TARGET2. Globally, JP Morgan is responsible for ~$10T of payments on a daily basis. The EMEA Payments ISM Lead will instill appropriate governance to manage and proactively identify issues and changes in the risk profile of the underlying systems. They will support Application, Product, and Information Owners in understanding the end-to-end risk posture of the applications and infrastructure to ensure appropriate controls are implemented and operating effectively for existing systems and new application development. The ISM will curate a robust risk and control environment ensuring technology solutions comply with firmwide risk and regulatory requirements.

Qualifications, Skills, and Experience

  • Technology risk management: candidate likely to have demonstrable technology experience across a broad range of architectures. Security Architecture experience with hands-on experience leading, designing and delivering technology solutions
  • Successful candidate is likely to have held roles such as Security Architect, IT Risk Manager, Risk Manager, IT Manager, Information or IT Security Manager, IT Audit Manager, IT Incident Manager, Business Continuity Manager or Security Analyst
  • Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
  • Understanding of applicable regulatory standards governing technology payments platforms, particularly aligned to EMEA regulatory frameworks (e.g., CHAPS, PSD2)
  • Extensive experience with securing cloud (both public and private), multitenant and hybrid environments
  • Solid experience designing secure applications from the ground up (SSDLC)
  • Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using Threat Modeling methodologies (e.g., STRIDE)
  • Advanced knowledge of multiple IT control and project management practices and experience working across large environments
  • Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
  • Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
  • Relevant business experience/qualifications/knowledge: Expertise established in assessing and articulating technology risk in the context of various other operational risks and challenges facing the organization
  • Understanding of the external threat landscape, threat actors, adversary tactics & techniques, and industry trends
  • Strong leadership skills with exceptional communication and presence
  • Bachelor’s degree or equivalent experience
  • Relevant technical qualifications preferred such as MIRM, CRISC, CISM, CISA, CISSP, AWS Certified Security, etc.

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.

When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech organizations. In our global technology centers, our team of 50,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $11B annual investment in technology enables us to hire people to create innovative solutions that are transforming the financial services industry.

At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.

You’ve got this!