Principal Security Controls Architect

You have spent your career building security controls that scale, designing governance frameworks that actually get adopted, and translating complex risk into engineering requirements that teams can act on. This role was built for that kind of engineer. As part of CTO Global Technology Asset Management, you will lead the modernization of how the firm designs, automates, and governs its technology controls - working at a scope and scale that few organizations can offer. Your contributions will be visible, your impact will be measurable, and the problems you solve will matter.

As a Principal Security Controls Architect at JPMorganChase within CTO Global Technology Asset Management, you will take ownership of one of the most consequential engineering challenges in enterprise security - building the control architecture and asset governance model that determines how a global technology organization measures, enforces, and demonstrates security assurance. You will reimagine the technology control ecosystem, architect the Control design and automation pipelines that replace manual evidence collection, and establish the governance standards that satisfy both engineering teams and regulatory examiners. Your influence will extend well beyond your immediate team - shaping how risk is understood and managed across the entire firm. If you are looking for a role where your engineering decisions have lasting, enterprise-wide impact, this is it., * Define and drive the strategy and roadmap for technology control architecture across Global Technology Asset Management, aligning to regulatory expectations and firmwide security standards

• Establish and enhance an enterprise-grade asset taxonomy including critical metadata, ownership, lifecycle state, and control applicability
• Architect and design control patterns that are reusable and scalable reducing manual processes and improving auditability
• Partner with platform and product teams to embed controls into the asset lifecycle
• Define control coverage and control health metrics, dashboards, and operational mechanisms to measure effectiveness, exceptions, and remediation progress
• Evaluate, select, and implement security/control process/tooling to improve asset transparency, control automation, and evidence quality
• Continually assess new trends in technology and determine implications on the overall security control process
• Drive security engineering thought leadership within the product line
• Champion the firm's culture of diversity, opportunity, inclusion, and respect

• 10 years in cybersecurity, security and technology controls, ITAM or related engineering and risk domains, including senior-level leadership and delivery ownership
• Demonstrated experience architecting security and technology controls at scale
• Strong experience with asset inventory, asset lifecycle management, and taxonomy and metadata modeling, including how taxonomy drives control applicability and coverage
• Experience building automation-first solutions including CI/CD pipelines, infrastructure-as-code, and automated evidence collection and monitoring frameworks
• Strong engineering depth and ability to partner with developers
• Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards, grounded in a strong working knowledge of current and evolving security control frameworks
• Ability to present and influence executive audiences, articulate complex technical risk clearly, and drive decisions across stakeholders

Preferred qualifications, capabilities, and skills

• Experience partnering with Risk, Compliance, and Audit to improve control design, evidence quality, and examination readiness while reducing operational burden
• Experience with large-scale enablement across multiple lines of business and engineering organizations
• Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls, and translating framework requirements into engineering-executable standards
• Experience with cybersecurity asset management platforms such as ServiceNow CMDB, Axonius, or equivalent, including designing data models, ownership workflows, and asset lifecycle governance processes
• Demonstrated ability to define and track control health metrics, KPIs, and adoption indicators that communicate security posture and governance maturity to executive and risk audiences

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.