Senior Lead Security Controls Engineer

Join a team where your engineering expertise directly shapes how Technology/Cyber controls are built governed and scaled across a global technology organization. Here you will make a direct and meaningful impact contributing to work that matters at every level of the firm.

As a Senior Lead Security Engineer at JPMorganChase within CTO Global Technology Asset Management you will be a technical leader responsible for engineering scalable technology controls while also strengthening technology asset governance so that control applicability evidence and reporting are consistent and auditable across hybrid environments. Your work will directly influence how the firm manages risk and maintains trust across its global technology infrastructure.

Job responsibilities

• Design and implement a technology asset governance framework: taxonomy standards mandatory metadata ownership and attestation model lifecycle states stewardship expectations and adoption mechanisms
• Define and maintain asset classification and criticality rules (e.g. tiering criticality environment data sensitivity internet exposure) and map them to control applicability and required evidence
• Lead the design and implementation of reusable control patterns
• Define and advance technology asset taxonomy and mandatory metadata standards
• Establish pragmatic asset governance mechanisms aligned to engineering and risk requirements
• Engineer automated evidence collection and continuous monitoring pipelines
• Translate threat models and risk requirements into testable control requirements and enforceable governance rules
• Partner with Risk Compliance and Audit to ensure controls and governance are auditable by design
• Contribute to a team culture of diversity opportunity inclusion and respect

Required qualifications capabilities and skills

• 5 years of experience in security engineering IT asset management or risk and technology controls with demonstrated end-to-end delivery ownership
• Demonstrated experience designing and implementing technology controls at scale
• Experience building or operationalizing asset governance and asset management capabilities
• Practical experience with modern engineering practices including CI/CD pipelines infrastructure-as-code and automated testing frameworks
• Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards
• Ability to communicate clearly with senior stakeholders and drive alignment across engineering cybersecurity and risk partners
  

• Product mindset (roadmaps KPIs adoption) and experience partnering with product owners and managers
• Experience supporting audits and exams with high-quality repeatable evidence and well-governed exception processes
• Familiarity mapping controls and governance requirements to common frameworks such as NIST ISO 27001 or CIS Controls