Data Protection Cyber Risk Manager (Encryption) - Cyber Security

Job description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/ .

The Cybersecurity organization's objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
This position is targeted for a technical executive in information management with extensive governance and compliance experience and a proven track record of identifying inadequacies and providing solutions.

The Data Protection Cyber Risk Manager will focus on establishing a security framework for data protection within JPMC. This role will interface heavily with Global Technology (GTI) to provide Cyber support and ensure technologies provided by GTI to end users are configured and delivered in conformance with Cyber best practices.

This role will ensure the security framework is clearly defined in policies, standards and procedures that support global information security architecture objectives. Security controls and hardening standards relevant to core platforms will be defined and maintained. You will liaise with stakeholders across the firm to drive strategic execution of key imperatives. You will ensure that intended objectives are able to be adopted by impacted stakeholders, and changes are clearly and comprehensively communicated. The role requires a strong leader who is also a self starter who can understand program objectives, create or modify controls using a logical and standardized approach, and independently and proactively engage internal partners to align on an agreed upon solution. This role will also ensure that associated security risks concerns are embedded in supporting processes (e.g. 3 rd party, cross impacted Cyber functions, etc).

The Data Security Lead role is responsible for:
· Focusing on establishing secure configuration and management of cyber controls
· Define Cyber controls (standards) for core platforms understanding the complex and diverse nature of JPMC. These controls must be implementable and measurable from a compliance perspective.
· Contribute toward an execution strategy that focuses on embedding security controls into existing practices to enhance effectiveness. Success will be measured by the comprehensiveness of associated standards/procedures
· Participate in cross LOB working groups to review and approve proposed architecture and support presentations to various leadership groups for final approval
· Update applicable standards and procedures translating security requirements into easily understood controls
· Maintain a deep understanding of the core discipline(s) for which you support (SME)
· Ensure that ancillary processes (3rd party risk, assessments, etc) accurately reflect control requirements
Technical
· Assessing cryptographic approaches, requirements, and capabilities
· Evaluating existing solutions and providing feedback to strengthen them
· Understanding emerging trends, technical reviews, security threats, business requirements, and architectural views in order to provide input on solutions
· Collaborating with business and technology partners to understand the firm's business goals, use of cryptography in business processes and cryptographic requirements
· Providing support in guiding business and technology partners on cryptographic and data protection matters
· Sharing of information about cryptographic best practices, risks, interpretation of firm-wide standards, etc.
· Creating design templates and best practices on cryptographic implementations

Desired profile

·  3-5 years of experience in with corporate IT cryptographic solutions
·  Working experience with cryptographic solutions (including authentication, encryption, hashing, tokenization & signing) across application, backup, database, endpoint device, email, file, network, removable media and storage domains. It is desired to have worked with vendor based implementations such as Cloud-based, Cisco, EMC, IBM, Microsoft, Oracle, RSA, Sybase, Voltage, Vormetric, Secure Islands, Titus, etc.
·  Working experience with key management (KMIP and PKCS#11), distribution and administration (user and machine based)
·  BS degree in Computer Science, Computer Engineering, or Applied Mathematics required
EXPERIENCE
·  Direct involvement in cryptographic and key management programs
·  Supporting cryptographic strategy, policies, standards and compliance procedures
·  Solid understanding of security, encryption, authentication, key management, and applied cryptography
·  Supporting security architectures involved with authentication, authorization and cybersecurity
·  Knowledge of cryptographic algorithms, protocols, implementation and standards (e.g., AES, AES Modes: CTR; CBC; FPE; etc., DES/TDES, DH, DNSSEC, ECC, IBE, Kerberos, IPSec, MD5, OpenSSL, RSA, SHA*, SSL/TLS and ANSI, IETF, NIST, FIPS, PKCS, PKI)
·  Understanding of country based legal and regulatory requirements for cryptography, information confidentiality, and privacy
·  Digital rights management and data classification

Communication Skills

·  Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with peers across the firm
Ability to communicate effectively with business representatives in explaining impacts and strategies and where necessary, in layman's terms