Apply on Employer Site

Chase · 2 months ago

Sr lead Cybersecurity Architect

10 S Dearborn St, Chicago, IL, 60603, US

Full-time

Onsite

Senior Level, Lead/Staff

$147K/yr - $225K/yr

5+ years exp

Chase is one of the world's most influential companies, seeking a Sr. Lead Cybersecurity Architect to impact the Payments industry. The role involves partnering with technology teams to ensure secure solutions are designed and implemented while providing advisory support on cybersecurity engineering and architecture.

BankingFinancial Services

Responsibilities

Core technical contributor and expected to apply your expertise in cybersecurity engineering, application, cryptography, and architecture domains to operate as the security-lead part of projects and initiatives supporting Payments. Define, Design, and Guide security throughout existing and future payment technology environments

Work with internal technology team to ensure security and compliance is designed from-the-start for modern technology stacks such as point-of-sale devices (POS), device key and identity management, public cloud connectivity, API gateways, & hybrid environments

Advise and assist on opportunities for architectural patterns, repeatability, and advise on deviations. In this context, a strong understanding of security tooling is important as you as you will advise your stakeholders on how and where to leverage various security products to mitigate risk

Research, design and apply advanced security techniques such as threat modeling and structured architecture reviews

Translate and advise on technical designs that must meet risk profile and compliance needs in a global context. Including cross-border, data sovereignty, and design/advise to ensure our tech teams meet respective regulatory requirements applicable to their workloads

Partnering with our Commercial and Investment Bank and other technical teams to ensure area owners are advise and oversee security design and implementation, applied in a timely manner. Providing regular management reporting to senior management and relevant stakeholders in business units

Design security solutions to manage risk for new and emerging technologies in the Payments space

Perform threat modelling to identify potential security risks and develop mitigation strategies. Use your knowledge of applicable regulatory requirements such as PCI-DSS, HIPAA, etc. to design secure architectures that both meet security, risk, and compliance requirements

Qualification

Cybersecurity architectureThreat modelingPublic cloud securityCryptographyPayments securityRegulatory complianceIdentityAccess ManagementApplication SecurityRisk managementSoft skills

Required

Formal training or certification on cybersecurity architecture concepts and 5+ years applied experience

Practical working knowledge of, or experience architecting and providing security guidance inline with industry frameworks applicable to Payments (ie: PCI-DSS, HIPAA, etc.)

Hands-on experience in threat modeling and designing secure controls for enterprise-level solutions

Thorough design and security architecture experience in one or more of the large public cloud providers. (e.g. AWS, Azure, Google Cloud) Certifications advantageous

Cryptography experience in regard to key and secrets management for point-of-sale (POS) devices, IoT devices or peripherals

Experience designing secure solutions specific to hybrid connectivity both in house across platforms and cloud providers

Experience designing secure solutions specific securing (payments) flows between 3rd parties or business partners

Experience with Point of Sale (POS) device security, key management, identity, and interconnectivity with third parties, hybrid, and on-prem ecosystems

In-depth knowledge of the financial services industry and their IT systems

Preferred

Security architecture role or responsibilities at large enterprise, global scale

Experience working with AI models and complex distributed data sets

API Gateway security expertise

Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection

Risk management, governance, risk & compliance experience – preferably intersected with technical design and architectural inputs

Experience managing Identity and Access Management (IAM) in an enterprise and hybrid environments

Experience conducting architecture reviews to find and evaluate application and infrastructure security risks using formalized Threat Modeling methodologies (e.g., STRIDE)

Experience in Application Security, background in penetration testing will be helpful in this role