Senior Lead Security Controls Engineer
Role details
Job location
Tech stack
Job description
As a Senior Lead Security Engineer at JPMorganChase within CTO Global Technology Asset Management, you will be a technical leader responsible for engineering scalable technology controls while also strengthening technology asset governance so that control applicability, evidence, and reporting are consistent and auditable across hybrid environments. Your work will directly influence how the firm manages risk and maintains trust across its global technology infrastructure., * Design and implement a technology asset governance framework: taxonomy standards, mandatory metadata, ownership and attestation model, lifecycle states, stewardship expectations, and adoption mechanisms
- Define and maintain asset classification and criticality rules (e.g., tiering, criticality, environment, data sensitivity, internet exposure) and map them to control applicability and required evidence
- Lead the design and implementation of reusable control patterns
- Define and advance technology asset taxonomy and mandatory metadata standards
- Establish pragmatic asset governance mechanisms aligned to engineering and risk requirements
- Engineer automated evidence collection and continuous monitoring pipelines
- Translate threat models and risk requirements into testable control requirements and enforceable governance rules
- Partner with Risk, Compliance, and Audit to ensure controls and governance are auditable by design
- Contribute to a team culture of diversity, opportunity, inclusion, and respect
Requirements
- 5 years of experience in security engineering, IT asset management, or risk and technology controls, with demonstrated end-to-end delivery ownership
- Demonstrated experience designing and implementing technology controls at scale
- Experience building or operationalizing asset governance and asset management capabilities
- Practical experience with modern engineering practices including CI/CD pipelines, infrastructure-as-code, and automated testing frameworks
- Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards
- Ability to communicate clearly with senior stakeholders and drive alignment across engineering, cybersecurity, and risk partners
Preferred qualifications, capabilities, and skills
- Product mindset (roadmaps, KPIs, adoption) and experience partnering with product owners and managers
- Experience supporting audits and exams with high-quality, repeatable evidence and well-governed exception processes
- Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls
Benefits & conditions
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
