Senior Lead Security Controls Engineer

Senior Lead Security Engineer

Join a team where your engineering expertise directly shapes how Technology/Cyber controls are built, governed, and scaled across a global technology organization. Here, you will make a direct and meaningful impact, contributing to work that matters at every level of the firm.

As a Senior Lead Security Engineer at JPMorganChase within CTO Global Technology Asset Management, you will be a technical leader responsible for engineering scalable technology controls while also strengthening technology asset governance so that control applicability, evidence, and reporting are consistent and auditable across hybrid environments. Your work will directly influence how the firm manages risk and maintains trust across its global technology infrastructure.

Job responsibilities

• Design and implement a technology asset governance framework: taxonomy standards, mandatory metadata, ownership and attestation model, lifecycle states, stewardship expectations, and adoption mechanisms
• Define and maintain asset classification and criticality rules (e.g., tiering, criticality, environment, data sensitivity, internet exposure) and map them to control applicability and required evidence
• Lead the design and implementation of reusable control patterns
• Define and advance technology asset taxonomy and mandatory metadata standards
• Establish pragmatic asset governance mechanisms aligned to engineering and risk requirements
• Engineer automated evidence collection and continuous monitoring pipelines
• Translate threat models and risk requirements into testable control requirements and enforceable governance rules
• Partner with Risk, Compliance, and Audit to ensure controls and governance are auditable by design
• Contribute to a team culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• 5 years of experience in security engineering, IT asset management, or risk and technology controls, with demonstrated end-to-end delivery ownership
• Demonstrated experience designing and implementing technology controls at scale
• Experience building or operationalizing asset governance and asset management capabilities
• Practical experience with modern engineering practices including CI/CD pipelines, infrastructure-as-code, and automated testing frameworks
• Translate threat models and attack surface analysis into actionable control requirements and auditable governance standards
• Ability to communicate clearly with senior stakeholders and drive alignment across engineering, cybersecurity, and risk partners

Preferred qualifications, capabilities, and skills

• Product mindset (roadmaps, KPIs, adoption) and experience partnering with product owners and managers
• Experience supporting audits and exams with high-quality, repeatable evidence and well-governed exception processes
• Familiarity mapping controls and governance requirements to common frameworks such as NIST, ISO 27001, or CIS Controls