Job Description:
The Data Protection Cyber Director will lead a team of 1-3 individuals focused on establishing a security framework for data protection within JPMC. This role will interface heavily with Global Technology (GTI) to provide Cyber support and ensure technologies provided by GTI to end users are configured and delivered in conformance with Cyber best practices.
This position is targeted for a technical executive in information management with extensive governance and compliance experience and a proven track record of identifying inadequacies and providing solutions.
The successful candidate will ensure the security framework is clearly defined in policies, standards and procedures that support global information security architecture objectives. Security controls and hardening standards relevant to core platforms will be defined and maintained.
Additionally, candidate will liaise with stakeholders across the firm to drive strategic execution of key imperatives. The successful candidate will ensure that intended objectives are able to be adopted by impacted stakeholders, and changes are clearly and comprehensively communicated.
Responsibilities
Provide Leadership and guidance in appropriately securing information owned, used, or provided by Cybersecurity
Create execution strategy that focuses on embedding security controls into existing practices to enhance effectiveness. Success will be measured by the comprehensiveness of associated standards/procedures
Lead and participate in cross LOB working groups to review and approve proposed architecture and support presentations to various leadership groups for final approval
Manage a diverse team of technologists focused on establishing secure configuration and management of cyber controls
Define Cyber controls (standards) for core platforms understanding the complex and diverse nature of JPMC. These controls must be implementable and measurable from a compliance perspective
Manage applicable standards and procedures translating security requirements into easily understood controls
Maintain a deep understanding of the core discipline(s) for which you support (SME)
Ensure that ancillary processes (3rd party risk, assessments, etc.) accurately reflect control requirements
Provide executive level updates as required
Responsible for coaching and mentoring less experience team members
Technical
Assessing cryptographic approaches, requirements, and capabilities
Evaluating existing solutions and providing feedback to strengthen them
Understanding emerging trends, technical reviews, security threats, business requirements, and architectural views in order to provide input on solutions
Collaborating with business and technology partners to understand the firm’s business goals, use of cryptography in business processes and cryptographic requirements
Providing support in guiding business and technology partners on cryptographic and data protection matters
Sharing of information about cryptographic best practices, risks, interpretation of firm-wide standards, etc
Creating design templates and best practices on cryptographic implementations
Qualifications
Strong leadership ability
8-10 years of experience in with corporate IT cryptographic solutions
Working experience with cryptographic solutions (including authentication, encryption, hashing, tokenization & signing) across application, backup, database, endpoint device, email, file, network, removable media and storage domains. It is desired to have worked with vendor based implementations such as Cloud-based, Cisco, EMC, IBM, Microsoft, Oracle, RSA, Sybase, Voltage, Vormetric, Secure Islands, Titus, etc.
Working experience with key management (KMIP and PKCS#11), distribution and administration (user and machine based)
Bachelor’s degree in Computer Science, Computer Engineering, or Applied Mathematics required
Direct involvement in cryptographic and key management programs
Experience with supporting cryptographic strategy, policies, standards and compliance procedures
Solid understanding of security, encryption, authentication, key management, and applied cryptography
Experience with supporting security architectures involved with authentication, authorization and cybersecurity
In-depth knowledge of cryptographic algorithms, protocols, implementation and standards (e.g., AES, AES Modes: CTR; CBC; FPE; etc., DES/TDES, DH, DNSSEC, ECC, IBE, Kerberos, IPSec, MD5, OpenSSL, RSA, SHA*, SSL/TLS and ANSI, IETF, NIST, FIPS, PKCS, PKI)
Understanding of country based legal and regulatory requirements for cryptography, information confidentiality, and privacy
Knowledge of digital rights management and data classification
People Skills
Ability to work under pressure in time critical situations
Ability to resolve conflict in a collaborative manner
Must be a driver of change and have strong influential skills
Communication Skills
Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with peers across the firm.
Ability to communicate effectively with business representatives in explaining impacts and strategies and where necessary, in layman’s terms
Pass it on for Referral Bonus. Not the right role for you, but know someone we should meet? Share with him to earn $1,000 referral bonus.