Apply Now    

Security Architect Lead - Digital

Req #: 170079914
Location: Chicago, IL, US
Job Category: Technology
Job Description:

Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.3 trillion and operations in more than 60 countries We serve more than 50 million consumers and small businesses through more than 5,600 bank branches, 18,700 ATMs, credit cards, mortgage offices and online and mobile banking as well as through relationships with auto dealerships.


As a Chase employee, you’ll be part of a company that makes a real difference every day for our customers, our communities and ourselves. With a focus on customer service, you’ll put others first, do what’s right and create solutions that make lives better. We invite you to build your career on our strong foundation and help shape what’s next – for you and for us.


Chase is undertaking an aggressive digital transformation agenda, which builds on the success of the current mobile and online service offerings. Chase is investing in innovative ways to deepen customer engagement and profitability through the use of digital channels. The ambition is to position Chase as the undisputed leader in digital financial services and payments and to enable Chase to deliver the highly personalized, real time experiences that customers increasingly expect.


The online and mobile channels for Chase currently support more than 32 million active customers; 9 million customers interact with us daily, making Chase the most visited banking portal in the US.   Within Consumer and Community Banking, the Digital IT team is responsible for setting and executing strategies that align with business objectives and drive innovation across Chase Online and Mobile, helping to establish the best Digital banking customer experience in the industry.

JPMorgan Chase remains a well recognized leader in Security and Risk Management areas of Information Technologies.  This is especially the case for protecting and managing the sensitive data about our clients and partners. and the extended family of our digital applications are positioned at the front line of the Information Security domain. With the development of innovative services comes the challenge of establishing controls that reassure and protect our customers, and help guard against cyber security threats.
The Digital Architecture team is building the future of Digital banking platform and Security Architecture is a key role.  This position represents an opportunity to participate in next generation platform development and to share its future successes. 
The Security domain for the Digital platform includes security oversight on Digital assets such as shared framework, custom code, security-specific implementations, and data protection in transit and at rest.  The major components are the Digital Authentication and Authorization applications and the integration components to any other authentication system or vendor.  The domain includes include the portion of the Digital experiences that maintain the users' identity for the life of the user's session.  Since the site and its supporting systems are constantly evolving, the Digital Security architect is responsible for defining and advocating the strategic direction of the Digital Security Architecture, the governance of the solution security architecture implementation, and providing the security reference architecture for the platform.
Additionally, the Security Architect may participate in and even drive the architecture on given projects.  In specific strategic cases, the role will require direct collaboration with a implementation delivery team where the architect is relied on to provide intimate direction to the team. 
The position requires the architect to identify issues in a collaborative environment and often bring those issues to closure independently.  Within the Digital team and across the larger JPMorgan Chase (JPMC) IT team, you will work with various IT and business stakeholders to ensure that the Digital technical roadmap and blueprints are in line with the business and product strategies as well as aligned with complementary IT Security Architecture in the JPMC, Global Technology and LOB IT areas.  Your ability to collaborate and reach consensus in a high paced environment will be a significant and required asset.
You will be also challenged with understanding the business needs fast, and with balancing them against technical constraints and operational impacts in order to develop a solution that is ultimately the best option.
Responsibilities include:
  • Define, document and deliver the Digital Security Architecture target state and a roadmap.
  • Govern the Security Architecture during project delivery by enforcing the use of existing and evolving solutions and patterns.
  • Introduce improvements in security implementation patterns and design.
  • Provide Subject Matter Expertise for the managed Risk & Security Platform to a multiple cross-LOBs forums and panels, auditors, technologists, and senior management.
  • Play a lead role in technology and security investigatory exercises related to Architecture.  Participate in Platform audits of both business process and technology.

  • An extensive working experience and advanced knowledge for Authentication, Authorization and Identity Management application domains.
  •        Experience in managing and mentoring small team of architects/developers

  • Experience in risk based authentication and step up protective measures
  •       Fundamental experience in defensive security constructs, including digital signatures, digital certificates, PKI, firewalls

  •       Experience in application security, e.g. OAuth, multi-factor authentication, TLS, securing hybrid native and web apps in mobile platforms

  •       Familiarity with rooting or jail-breaking iOS and Android devices to discover mobile application vulnerabilities

  • Understanding of information security and risk management challenges, issues mitigations and remediation.
  • Strong knowledge of OWASP top 10 security issues for web/ mobile. Remediation patterns.
  • An ability to provide solutions to common web application vulnerabilities i.e. sql injection, cross site scripting, web cookie security, session management, etc.
  • Solid understanding of Data Security and Network Security with a focus on OSI reference model Layer 2- Layer 7.
  • Experience with secure coding practices, thread modeling, vulnerability assessment.
  • Expertise in at least any 2 out of: networking and transport protocols, routing solutions, proxy and reverse proxy servers, browsers implementation/specifics, html/xhtml/xml, Javascript, encryption and hashing, SiteMinder, LDAP.
  • Solid understanding of current web and web application servers.
  • Experience with and understanding of architecture concepts, large system development (particularly web-based .Net and/or Java/J2EE).
  • Minimum seven years of technical delivery experience with a minimum of five years in Architecture or Application Development.
  • Prior architecture experience, with experience in analysis and design work.
  • Strong analytical and communication (verbal and written) skills.
  • Certifications with CISSP, CISA, CISM is a strong plus.
  • Siteminder SDK Experience is a plus.
  • Agile Development Experience is a plus.
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Other Information

Apply Using LinkedIn

You can also apply using your LinkedIn® profile. It may save you some time because your information will be automatically transferred into our system. Just click on the LinkedIn logo when you get to the application screen and follow the directions.

Submit an Updated Résumé

During the application process, be sure you have an up-to-date copy of your Résumé, your cover letter and any other documentation you would like to submit.