Security Architect Jpmorgan Chase & Co.
New York, NY

Job Description

Security Architect

Req #: 190010814

Location: New York, NY, US

Job Category: Digital

Job Description:

Chase is the U.S. consumer and commercial banking business of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.3 trillion and operations in more than 60 countries We serve more than 50 million consumers and small businesses through more than 5,600 bank branches, 18,700 ATMs, credit cards, mortgage offices and online and mobile banking as well as through relationships with auto dealerships.

Within Chase, Consumer Banking provides great products and an outstanding customer experience at over 5,600 branches and 18,700 ATMs in 23 states, as well as online and over the phone.

As a Chase employee, you'll be part of a company that makes a real difference every day for our customers, our communities and ourselves. With a focus on customer service, you'll put others first, do what's right and create solutions that make lives better. We invite you to build your career on our strong foundation and help shape what's next - for you and for us.

Digital Organization

JPMorgan Chase remains a well recognized leader in Security and Risk Management areas of Information Technologies. This is especially the case for protecting and managing the sensitive data about our clients and partners.

Chase.com and the extended family of our digital applications are positioned at the front line of the Information Security domain. With the development of innovative services comes the challenge of establishing controls that reassure and protect our customers, and help guard against cyber security threats.

The Digital Architecture team is building the future of Digital banking platform and Security Architecture is a key role. This position represents an opportunity to participate in next generation platform development and to share its future successes.

The Security domain for the Digital platform includes security oversight on Digital assets such as shared framework, custom code, security-specific implementations, and data protection in transit and at rest. The major components are the Digital Authentication and Authorization applications and the integration components to any other authentication system or vendor. The domain includes include the portion of the Digital experiences that maintain the users' identity for the life of the user's session. Since the site and its supporting systems are constantly evolving, the Digital Security architect is responsible for defining and advocating the strategic direction of the Digital Security Architecture, the governance of the solution security architecture implementation, and providing the security reference architecture for the platform.

Additionally, the Security Architect may participate in and even drive the architecture on given projects. In specific strategic cases, the role will require direct collaboration with a implementation delivery team where the architect is relied on to provide intimate direction to the team.

The position requires the architect to identify issues in a collaborative environment and often bring those issues to closure independently. Within the Digital team and across the larger JPMorgan Chase (JPMC) IT team, you will work with various IT and business stakeholders to ensure that the Digital technical roadmap and blueprints are in line with the business and product strategies as well as aligned with complementary IT Security Architecture in the JPMC, Global Technology and LOB IT areas. Your ability to collaborate and reach consensus in a high paced environment will be a significant and required asset.

You will be also challenged with understanding the business needs fast, and with balancing them against technical constraints and operational impacts in order to develop a solution that is ultimately the best option.

Responsibilities include:

* Define, document and deliver the Digital Security Architecture target state and a roadmap.
* Govern the Security Architecture during project delivery by enforcing the use of existing and evolving solutions and patterns.
* Introduce improvements in security implementation patterns and design.
* Provide Subject Matter Expertise for the managed Risk & Security Platform to a multiple cross-LOBs forums and panels, auditors, technologists, and senior management.
* Play a lead role in technology and security investigatory exercises related to Architecture. Participate in Platform audits of both business process and technology.

Qualifications:

*

An extensive working experience and advanced knowledge for Authentication, Authorization and Identity Management application domains.
* Experience in managing and mentoring small team of architects/developers
* Experience in risk based authentication and step up protective measures
* Fundamental experience in defensive security constructs, including digital signatures, digital certificates, PKI, firewalls
* Experience in application security, e.g. OAuth, multi-factor authentication, TLS, securing hybrid native and web apps in mobile platforms
* Familiarity with rooting or jail-breaking iOS and Android devices to discover mobile application vulnerabilities
* Understanding of information security and risk management challenges, issues mitigations and remediation.
* Strong knowledge of OWASP top 10 security issues for web/ mobile. Remediation patterns.
* An ability to provide solutions to common web application vulnerabilities i.e. sql injection, cross site scripting, web cookie security, session management, etc.
* Solid understanding of Data Security and Network Security with a focus on OSI reference model Layer 2- Layer 7.
* Experience with secure coding practices, thread modeling, vulnerability assessment.
* Expertise in at least any 2 out of: networking and transport protocols, routing solutions, proxy and reverse proxy servers, browsers implementation/specifics, html/xhtml/xml, Javascript, encryption and hashing, SiteMinder, LDAP.
* Solid understanding of current web and web application servers.
* Experience with and understanding of architecture concepts, large system development (particularly web-based .Net and/or Java/J2EE).
* Minimum seven years of technical delivery experience with a minimum of five years in Architecture or Application Development.
* Prior architecture experience, with experience in analysis and design work.
* Strong analytical and communication (verbal and written) skills.
* Certifications with CISSP, CISA, CISM is a strong plus.
* Siteminder SDK Experience is a plus.
* Agile Development Experience is a plus.