Principal Security Controls Engineer

As a Principal Security Controls Architect at JPMorganChase within CTO Global Technology Asset Management you will take ownership of one of the most consequential engineering challenges in enterprise security building the control architecture and asset governance model that determines how a global technology organization measures enforces and demonstrates security assurance. You will reimagine the technology control ecosystem architect the Control design and automation pipelines that replace manual evidence collection and establish the governance standards that satisfy both engineering teams and regulatory examiners. Your influence will extend well beyond your immediate team shaping how risk is understood and managed across the entire firm. If you are looking for a role where your engineering decisions have lasting enterprise-wide impact this is it.

Job responsibilities

• Define and drive the strategy and roadmap for technology control architecture across Global Technology Asset Management aligning to regulatory expectations and firmwide security standards
• Establish and enhance an enterprise-grade asset taxonomy including critical metadata ownership lifecycle state and control applicability
• Architect and design control patterns that are reusable and scalable reducing manual processes and improving auditability
• Partner with platform and product teams to embed controls into the asset lifecycle
• Define control coverage and control health metrics dashboards and operational mechanisms to measure effectiveness exceptions and remediation progress
• Evaluate select and implement security/control process/tooling to improve asset transparency control automation and evidence quality
• Continually assess new trends in technology and determine implications on the overall security control process
• Drive security engineering thought leadership within the product line
• Champion the firms culture of diversity opportunity inclusion and respect
  

Required qualifications capabilities and skills

• 10 years in cybersecurity security and technology controls ITAM or related engineering and risk domains including senior-level leadership and delivery ownership
• Demonstrated experience architecting security and technology controls at scale
• Strong experience with asset inventory asset lifecycle management and taxonomy and metadata modeling including how taxonomy drives control applicability and coverage
• Experience building automation-first solutions including CI/CD pipelines infrastructure-as-code and automated evidence collection and monitoring frameworks
• Strong engineering depth and ability to partner with developers
• Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards grounded in a strong working knowledge of current and evolving security control frameworks
• Ability to present and influence executive audiences articulate complex technical risk clearly and drive decisions across stakeholders