Global Services Operations (GSO) is responsible for operations service support delivery for JPMorgan Chase's Global Technology Infrastructure (GTI). Through its Global Service Desk and Infrastructure Operations Centers, GSO provides global, coordinated diagnostic and support services, while its’ Production Assurance and Support functions leverage and execute industry-leading infrastructure management and support processes that are designed to minimize customer outages and impacts. Within GSO, the Critical Infrastructure Operations team was formed to provide high level / dedicated 24*7 operations support via a follow the sun model for the firm’s most vital core systems. This dedicated team focusing on Encryption and Key Management will provide the highest degree of service for their aligned technologies as well as drive service improvement and ensuring the highest availability, resiliency for full commercial-grade operations.
As an Encryption and Key Management Systems Administrator within the GSO Critical Infrastructure Operations team, you will be responsible for infrastructure and application operations support for the Vormetric data encryption, AD-PKI Certificate Authority and Gemalto Key Management platforms. These technologies support JPMC’s complex business technology application footprint with duties including: incident resolution, providing subject matter expertise to other team members, driving improvements, and ensuring the highest degree of resilience and top tier support resulting in uninterrupted encryption services availability. Driving service improvement across the environment is key to the role: managing all service delivery resiliency, efficiency, and audit programs as well as ensuring engineering standards and products are integrated across the platforms. The scope of responsibilities will entail trouble ticket investigations, participation in root cause analysis, resolution, implementing, measuring, and improving all processes, procedures, and activities required to ensure maximum availability, utility, flexibility, and responsiveness of the production environment. The qualified applicant will become part of JPMC’s Key Management IT Support Team that administers the Vormetric Data Security Managers (DSM), Microsoft Certification Authorities (CA) and supporting technologies that are part of the Key Management service offerings.
Role Description & Responsibilities:
Encryption and Key Management Systems Administrator position is for the operational support and service delivery of the firmwide Key Management, Certificate Authority and Encryption services. Responsibilities include:
- Manage, maintain, operate and troubleshoot Encryption Infrastructure (Vormetric & Gemalto), Microsoft Active Directory PKI system and PKWare SmartCrypt system
- Perform Data Encryption onboarding tasks - applying encryption guard points, monitor logs, review & fix log infractions, amend encryption policies, switch from learning to blocking mode etc.
- Create/modify encryption policies and write security rules based on rule definitions and specific requirements
- Manage LOB communications for Encryption onboarding.
- Serve as operate team and provide on call support for Encryption, KMS, PKWare and PKI services.
- Review Splunk Dashboards and reports to enumerate policy infractions.
- Manage access rights, policies, certificates and keys.
- Take part and perform High availability / Disaster Recovery tests
- Administration of Windows 2012 Active Directory Services including CA, HSMs, Certificate Enrollment Web Services, Certificate Enrollment Policy Web Service, and Internet Information Services (IIS).
- Administration of certificate revocation servers like Online Responder service (OCSP) and Certificate Revocation List (CRL) servers.
- Patch servers – Vormetric appliances, Splunk servers, CA servers and CRL/OCSP servers
- Monitor SCOM management console for alerts and act on them to resolve issues associated with service availability and operation.
- Perform daily health checks of Encryption and PKI infrastructure
- Implement configuration changes to Encryption and PKI environment that are approved by the Service Engineering team using change management process
- Install/decommission Encryption HW, SW and PKI servers
- Serve as the first level escalation point for support issues
- Promote best practices to ensure the risk profile is minimized and security posture enhanced
- Operations of cyber related products including encryption and access control services
- Develop, document and continuously improve the support model and underlying processes