Senior Lead Security Controls Engineer
Koitecc Solutions, Schaumburg, IL, United States
Join a team where your engineering expertise directly shapes how Technology/Cyber controls are built, governed, and scaled across a global technology organization. Here, you will make a direct and meaningful impact, contributing to work that matters at every level of the firm.
As a Senior Lead Security Engineer at JPMorganChase within CTO Global Technology Asset Management, you will be a technical leader responsible for engineering scalable technology controls while also strengthening technology asset governance so that control applicability, evidence, and reporting are consistent and auditable across hybrid environments. Your work will directly influence how the firm manages risk and maintains trust across its global technology infrastructure.
Job responsibilities
Design and implement a technology asset governance framework: taxonomy standards, mandatory metadata, ownership and attestation model, lifecycle states, stewardship expectations, and adoption mechanisms
Define and maintain asset classification and criticality rules (e.g., tiering, criticality, environment, data sensitivity, internet exposure) and map them to control applicability and required evidence
Lead the design and implementation of reusable control patterns
Define and advance technology asset taxonomy and mandatory metadata standards
Establish pragmatic asset governance mechanisms aligned to engineering and risk requirements
Engineer automated evidence collection and continuous monitoring pipelines
Translate threat models and risk requirements into testable control requirements and enforceable governance rules
Partner with Risk, Compliance, and Audit to ensure controls and governance are auditable by design
Contribute to a team culture of diversity, opportunity, inclusion, and respect
Required qualifications, capabilities, and skills
5 years of experience in security engineering, IT asset management, or risk and technology controls, with demonstrated end-to-end delivery ownership
Demonstrated experience designing and implementing technology controls at scale
Experience building or operationalizing asset governance and asset management capabilities
Practical experience with modern engineering practices including CI/CD pipelines, infrastructure-as-code, and automated testing frameworks
Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards
Ability to communicate clearly with senior stakeholders and drive alignment across engineering, cybersecurity, and risk partners
Preferred qualifications, capabilities, and skills
Product mindset (roadmaps, KPIs, adoption) and experience partnering with product owners and managers
Experience supporting audits and exams with high-quality, repeatable evidence and well-governed exception processes
Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls
We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans.
#J-18808-Ljbffr
As a Senior Lead Security Engineer at JPMorganChase within CTO Global Technology Asset Management, you will be a technical leader responsible for engineering scalable technology controls while also strengthening technology asset governance so that control applicability, evidence, and reporting are consistent and auditable across hybrid environments. Your work will directly influence how the firm manages risk and maintains trust across its global technology infrastructure.
Job responsibilities
Design and implement a technology asset governance framework: taxonomy standards, mandatory metadata, ownership and attestation model, lifecycle states, stewardship expectations, and adoption mechanisms
Define and maintain asset classification and criticality rules (e.g., tiering, criticality, environment, data sensitivity, internet exposure) and map them to control applicability and required evidence
Lead the design and implementation of reusable control patterns
Define and advance technology asset taxonomy and mandatory metadata standards
Establish pragmatic asset governance mechanisms aligned to engineering and risk requirements
Engineer automated evidence collection and continuous monitoring pipelines
Translate threat models and risk requirements into testable control requirements and enforceable governance rules
Partner with Risk, Compliance, and Audit to ensure controls and governance are auditable by design
Contribute to a team culture of diversity, opportunity, inclusion, and respect
Required qualifications, capabilities, and skills
5 years of experience in security engineering, IT asset management, or risk and technology controls, with demonstrated end-to-end delivery ownership
Demonstrated experience designing and implementing technology controls at scale
Experience building or operationalizing asset governance and asset management capabilities
Practical experience with modern engineering practices including CI/CD pipelines, infrastructure-as-code, and automated testing frameworks
Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards
Ability to communicate clearly with senior stakeholders and drive alignment across engineering, cybersecurity, and risk partners
Preferred qualifications, capabilities, and skills
Product mindset (roadmaps, KPIs, adoption) and experience partnering with product owners and managers
Experience supporting audits and exams with high-quality, repeatable evidence and well-governed exception processes
Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls
We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans.
#J-18808-Ljbffr