Apply Now    

Data Protection Technology Lead

Job Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Cyber Security is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.
The Data Protection Technology Lead will focus on establishing a security framework for data protection within JPMC.  This role will interface heavily with all lines of business to provide Cyber guidance and ensure technologies provided to end users are configured and delivered in conformance with Cyber best practices. 
This role will ensure the security framework is clearly defined in policies, standards and procedures that support global information security architecture objectives. Security controls and hardening standards relevant to core platforms will be defined and maintained. You will liaise with stakeholders across the firm to drive strategic execution of key imperatives.  You will ensure that intended objectives are able to be adopted by impacted stakeholders, and changes are clearly and comprehensively communicated. The role requires a strong leader who is also a self starter who can understand program objectives, create or modify controls using a logical and standardized approach, and independently and proactively engage internal partners to align on an agreed upon solution.  This role will also ensure that associated security risks concerns are embedded in supporting processes (e.g. 3rd party, cross impacted Cyber functions, etc.). 
Primary Duties and Responsibilities
  • Define the firm’s data protection strategy
  • Lead innovation, technology selection and implementation of cutting edge build outs (where the requirement exists) in relation to Data Protection
  • Own and manage the entire lifecycle from concept to successful day to day integration and monitoring
  • Lead a technical team to deliver solutions globally for all lines of business
  • Establish secure configuration and cyber controls management
  • Define Cyber controls (standards) for core platforms understanding the complex and diverse nature of JPMC which must be implementable and measurable from a compliance perspective
  • Contribute toward an execution strategy that focuses on embedding security controls into existing practices to enhance effectiveness. 
  • Success will be measured by the comprehensiveness of associated standards/procedures
  • Participate in cross LOB working groups to review and approve proposed architecture and support presentations to various leadership groups for final approval
  • Update applicable standards and procedures translating security requirements into easily understood controls
  • Maintain a deep understanding of the core discipline(s) for which you support (SME)
  • Ensure that ancillary processes (3rd party risk, assessments, etc) accurately reflect control requirements
  • Assessing cryptographic approaches, requirements, and capabilities
  • Evaluating existing solutions and providing feedback to strengthen
  • Utilize emerging trends, technical reviews, security threats, business requirements, and architectural views in order to provide input on solutions
  • Collaborate with business and technology partners to understand the firm’s business goals, use of cryptography in business processes and cryptographic requirements
  • Provide support in guiding business and technology partners on cryptographic and data protection matters
  • Collaborate on cryptographic best practices, risks, interpretation of firm-wide standards, etc.
  • Create design templates and best practices on cryptographic implementations
Bachelors degree in Computer Science, Engineering or related field along with a minimum of 10-15+ years of directly related experience.
  • Hands on experience with corporate IT cryptographic solutions
  • Working experience with cryptographic solutions (including authentication, encryption, hashing, tokenization & signing) across application, backup, database, endpoint device, email, file, network, removable media and storage domains. It is desired to have worked with vendor based implementations such as Cloud-based, Cisco, EMC, IBM, Microsoft, Oracle, RSA, Sybase, Voltage, Vormetric, Secure Islands, Titus, etc.
  • Working experience with key management (KMIP and PKCS#11), distribution and administration (user and machine based)
  • Direct involvement in cryptographic and key management programs
  • Supporting cryptographic strategy, policies, standards and compliance procedures
  • Solid understanding of security, encryption, authentication, key management, and applied cryptography
  • Supporting security architectures involved with authentication, authorization and cybersecurity
  • Knowledge of cryptographic algorithms, protocols, implementation and standards (e.g., AES, AES Modes: CTR; CBC; FPE; etc., DES/TDES, DH, DNSSEC, ECC, IBE, Kerberos, IPSec, MD5, OpenSSL, RSA, SHA*, SSL/TLS and ANSI, IETF, NIST, FIPS, PKCS, PKI)
  • Understanding of country based legal and regulatory requirements for cryptography, information confidentiality, and privacy
  • Digital rights management and data classification
  • Well versed with current solutions in the DLP/CASB landscape
  • Equally as well versed with data exfil mechanisms and ability to identify risk
  • This position is anticipated to require the use of one or more High Security Access (HSA) systems.  Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter.  The enhanced screening will need to be successfully completed prior to commencing employment or assignment.
Req #: 160027638
Location: Columbus, OH US
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.

Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.