Principal Security Controls Architect
Koitecc Solutions, Schaumburg, IL, United States
You have spent your career building security controls that scale, designing governance frameworks that actually get adopted, and translating complex risk into engineering requirements that teams can act on. This role was built for that kind of engineer. As part of CTO Global Technology Asset Management, you will lead the modernization of how the firm designs, automates, and governs its technology controls - working at a scope and scale that few organizations can offer. Your contributions will be visible, your impact will be measurable, and the problems you solve will matter.
As a Principal Security Controls Architect at JPMorganChase within CTO Global Technology Asset Management, you will take ownership of one of the most consequential engineering challenges in enterprise security – building the control architecture and asset governance model that determines how a global technology organization measures, enforces, and demonstrates security assurance. You will reimagine the technology control ecosystem, architect the control design and automation pipelines that replace manual evidence collection, and establish the governance standards that satisfy both engineering teams and regulatory examiners. Your influence will extend well beyond your immediate team – shaping how risk is understood and managed across the entire firm. If you are looking for a role where your engineering decisions have lasting, enterprise‑wide impact, this is it.
Job responsibilities
Define and drive the strategy and roadmap for technology control architecture across Global Technology Asset Management, aligning to regulatory expectations and firmwide security standards
Establish and enhance an enterprise‑grade asset taxonomy including critical metadata, ownership, lifecycle state, and control applicability
Architect and design control patterns that are reusable and scalable reducing manual processes and improving auditability
Partner with platform and product teams to embed controls into the asset lifecycle
Define control coverage and control health metrics, dashboards, and operational mechanisms to measure effectiveness, exceptions, and remediation progress
Evaluate, select, and implement security/control process/tooling to improve asset transparency, control automation, and evidence quality
Continually assess new trends in technology and determine implications on the overall security control process
Drive security engineering thought leadership within the product line
Champion the firm's culture of diversity, opportunity, inclusion, and respect
Required qualifications, capabilities, and skills
10 years in cybersecurity, security and technology controls, ITAM or related engineering and risk domains, including senior‑level leadership and delivery ownership
Demonstrated experience architecting security and technology controls at scale
Strong experience with asset inventory, asset lifecycle management, and taxonomy and metadata modeling, including how taxonomy drives control applicability and coverage
Experience building automation‑first solutions including CI/CD pipelines, infrastructure‑as‑code, and automated evidence collection and monitoring frameworks
Strong engineering depth and ability to partner with developers
Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards, grounded in a strong working knowledge of current and evolving security control frameworks
Ability to present and influence executive audiences, articulate complex technical risk clearly, and drive decisions across stakeholders
Preferred qualifications, capabilities, and skills
Experience partnering with Risk, Compliance, and Audit to improve control design, evidence quality and examination readiness while reducing operational burden
Experience with large‑scale enablement across multiple lines of business and engineering organizations
Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls, and translating framework requirements into engineering‑executable standards
Experience with cybersecurity asset management platforms such as ServiceNow CMDB, Axonius, or equivalent, including designing data models, ownership workflows, and asset lifecycle governance processes
Demonstrated ability to define and track control health metrics, KPIs, and adoption indicators that communicate security posture and governance maturity to executive and risk audiences
Benefits: These benefits include comprehensive health care coverage, on‑site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more.
We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans.
#J-18808-Ljbffr
As a Principal Security Controls Architect at JPMorganChase within CTO Global Technology Asset Management, you will take ownership of one of the most consequential engineering challenges in enterprise security – building the control architecture and asset governance model that determines how a global technology organization measures, enforces, and demonstrates security assurance. You will reimagine the technology control ecosystem, architect the control design and automation pipelines that replace manual evidence collection, and establish the governance standards that satisfy both engineering teams and regulatory examiners. Your influence will extend well beyond your immediate team – shaping how risk is understood and managed across the entire firm. If you are looking for a role where your engineering decisions have lasting, enterprise‑wide impact, this is it.
Job responsibilities
Define and drive the strategy and roadmap for technology control architecture across Global Technology Asset Management, aligning to regulatory expectations and firmwide security standards
Establish and enhance an enterprise‑grade asset taxonomy including critical metadata, ownership, lifecycle state, and control applicability
Architect and design control patterns that are reusable and scalable reducing manual processes and improving auditability
Partner with platform and product teams to embed controls into the asset lifecycle
Define control coverage and control health metrics, dashboards, and operational mechanisms to measure effectiveness, exceptions, and remediation progress
Evaluate, select, and implement security/control process/tooling to improve asset transparency, control automation, and evidence quality
Continually assess new trends in technology and determine implications on the overall security control process
Drive security engineering thought leadership within the product line
Champion the firm's culture of diversity, opportunity, inclusion, and respect
Required qualifications, capabilities, and skills
10 years in cybersecurity, security and technology controls, ITAM or related engineering and risk domains, including senior‑level leadership and delivery ownership
Demonstrated experience architecting security and technology controls at scale
Strong experience with asset inventory, asset lifecycle management, and taxonomy and metadata modeling, including how taxonomy drives control applicability and coverage
Experience building automation‑first solutions including CI/CD pipelines, infrastructure‑as‑code, and automated evidence collection and monitoring frameworks
Strong engineering depth and ability to partner with developers
Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards, grounded in a strong working knowledge of current and evolving security control frameworks
Ability to present and influence executive audiences, articulate complex technical risk clearly, and drive decisions across stakeholders
Preferred qualifications, capabilities, and skills
Experience partnering with Risk, Compliance, and Audit to improve control design, evidence quality and examination readiness while reducing operational burden
Experience with large‑scale enablement across multiple lines of business and engineering organizations
Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls, and translating framework requirements into engineering‑executable standards
Experience with cybersecurity asset management platforms such as ServiceNow CMDB, Axonius, or equivalent, including designing data models, ownership workflows, and asset lifecycle governance processes
Demonstrated ability to define and track control health metrics, KPIs, and adoption indicators that communicate security posture and governance maturity to executive and risk audiences
Benefits: These benefits include comprehensive health care coverage, on‑site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more.
We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans.
#J-18808-Ljbffr