Job ref no.: CT3128817-01#3264

Cloud-Security Lead: Information Security Manager

JPMorgan Chase Bank, N.A.

Cybersecurity & Technology Controls (CTC); As an Information Security Manager (ISM), you are part of the Cybersecurity & Technology Controls (CTC) team, supporting the Chief Technology Office (CTO) in their expansion of Public Cloud. You will play an important role in managing security, risk, and compliance as it relates to workloads going to and on the public cloud. You will have an eye for detail and an ability to see big picture across control issues for both CTC & CTO organizations.

The Chief Technology Office is the technology organization for the firm, delivering a wide range of cutting edge products and services (for example public cloud, CI/CD & ML/AI capabilities), and partnering with all lines of business to provide high quality service delivery, exceptional project execution and financially disciplined approaches and processes in the most cost effective manner. The objective of the CTO is to balance both business alignment and the centralized delivery of core products and services.

The Public Cloud program is an initiative responsible for architecting, implementing and supporting new, cutting edge, cloud platforms for transforming our business applications into scalable, elastic systems used to drive JP Morgan's digital transformation.


  • Work with Cybersecurity and CTO organizations to ensure the security, risk, & compliance of public cloud infrastructure in APAC.
  • Trusted advisor to CTO solution architects to ensure security of designs, guard rails, and blueprints for application architectures and cloud platforms (AWS, Azure, etc.).
  • Support APAC regulatory and compliance inspections as they relate to workloads on public cloud in the APAC region.
  • Conduct technical security and risk assessments for public cloud workloads.
  • Enable the business by partnering with Accelerator teams, to ensure the security, risk mitigation, & compliance for workloads moving to cloud.
  • Seen as the cloud-security ISM lead in APAC.
  • Ensure that all pertinent Information Risk and Control regulatory requirements and applicable policies are understood by technologists.
  • Build and maintain strong business and vendor relationships.
  • Engage across departments and countries with Internal Audit, Compliance, Legal and Risk functions.


  • Hands on experience securing public cloud workloads in a hybrid, global environment.
  • Direct security, risk, and compliance experience with AWS, Azure, or Alibaba Cloud.
  • Active industry certifications related to cloud security i.e.: CCSP, AWS/Azure/Google certified security Specialist etc.
  • Regulatory and Compliance experience in the context of public cloud, including APAC regulatory experience with MAS, HKMA, and other regional regulations.
  • Knowledge of security controls, configuration management, and vulnerability management in public cloud are essential.
  • Experience in Risk Management and/or Technology Audit functions is strongly desired. Understanding of regional standards, requirement, and risk assessment methodologies.
  • Subject matter expert on technology risk management with understanding of IT control policies preferred relate to the Public Cloud.

Preferred Skills:

  • CISA, CISSP, CISM or other information security certifications which demonstrate industry knowledge and experience.
  • Proven ability to examine, improve and execute the organization's existing processes and procedures for risk assessment.
  • Work independently, collaborate within a team and comfortable in a virtual environment.
  • Mandarin speaking is preferred as this role may require interaction with projects related to our China project.
  • Ability to prioritize and work under stringent timelines in a global environment.
  • Partner with global cloud-security product management teams. Drive internal customer feedback to improve our cloud-security products to continuously raise the security bar.
  • Build automation/self service capabilities for analysis, reporting and reusing of information to address control issues.
  • Understanding of technology processes such as resiliency, disaster recovery management, performance and capacity management required
  • Executive Stakeholder engagements, including ability to interact and present to senior levels of management.
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.


We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

Interested parties please click Apply Now to apply job.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.