Description Head of Security Products & Engineering As a Head of Security Products & Engineering at JPMorgan Chase you are the heart of this venture, focused on getting smart ideas into the hands of our customers. You have a curious mindset, thrive in collaborative squads, and are passionate about new technology. By your nature, you are also solution-oriented, commercially savvy and have a head for fintech. You thrive in working in tribes and squads that focus on specific products and projects – and depending on your strengths and interests, you'll have the opportunity to move between them. While we’re looking for professional skills, culture is just as important to us. We understand that everyone's unique – and that diversity of thought, experience and background is what makes a good team, great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference – on us as a company, and on our clients and business partners around the world Job responsibilities: Understand complex regulatory and internal security requirements and be able to advise on implementation options Guide & defining the security practices & standards end-to-end, covering external connectivity and internal service communication Interact with 3rd party vendors on security-related aspects during onboarding Interact with senior internal stakeholders - internal auditors, firmwide controls, etc Review & constantly improve existing security practices and standards Provide security architecture review with focus on threat modelling Embed threat modelling, solutions architecture, secure code review into product and application teams so they are secure from the start and compliant with risk policies and regulatory obligations. Required qualifications, capabilities and skills: Extensive experience in a technical security engineering role (encryption, cryptography authorization, authentication, etc) Experience with at least one high-level programming language (Java, Python, etc) Excellent knowledge of security best practices at different stages of the development lifecycle Excellent knowledge of methods for authentication, authorization and encryption (AuthN/Z, JWT, RBAC, TLS, OAuth2) Excellent knowledge of all of the above concepts in the context of at least one (ideally more) public cloud provider (AWS,GCP,Azure) Experience of procuring security vendors and lifecycle management Understanding of modern SDLC practices and security aspects & tools of CI/CD pipelines (code scanning, container scanning) ICBCareers