Principal Cybersecurity Architect, Third-Party Assurance

This is a rare opportunity to operate at the intersection of deep technical cybersecurity expertise and enterprise-level risk strategy.

As a senior technical authority, you will shape how the firm evaluates and manages cybersecurity risk across its most strategically significant supplier relationships.

You will work alongside leaders across Cybersecurity, Technology, and Risk to drive meaningful improvements in third-party assurance outcomes.

Your expertise will directly influence how the firm protects itself against emerging threats in an increasingly complex supplier landscape.

If you are a cybersecurity leader who thrives on technical depth, credible challenge, and high-stakes decision-making, this role was built for you.

As an Executive Director at JPMorganChase within the Cybersecurity and Technology Controls Assessments and Exercises function, you will serve as the senior technical authority for third-party cybersecurity assurance, bringing deep hands-on expertise in cybersecurity architecture, cloud security, and enterprise control frameworks to critically evaluate the control maturity of the firm's most complex and strategically significant suppliers.

Reporting to the Global Third-Party Assurance Lead, you will elevate the technical rigor, depth, and credibility of third-party assurance outcomes across the organization.

You will translate complex technical findings into clear, business-relevant risk insights for senior stakeholders across Cybersecurity, Technology, Risk, and the Business.

You will also act as a trusted escalation point for the most technically challenging assessments, ensuring the firm's third-party risk posture reflects the highest standards of technical scrutiny.

Job Responsibilities:


* Provide authoritative technical leadership across third-party cybersecurity assessments, bringing deep expertise in cybersecurity architecture, cloud-native and hybrid environments, application security, and enterprise control domains.


* Lead and personally conduct in-depth technical evaluations of supplier cybersecurity posture, control maturity, and architectural resilience, particularly for the firm's most critical and complex third-party relationships.


* Perform threat modelling against supplier environments to identify potential security risks and develop mitigation strategies tailored to the firm's risk appetite.


* Evaluate supplier security architectures across public cloud providers (AWS, Azure, Google Cloud), assessing the design and effectiveness of controls in cloud-native, hybrid, and on-premises environments.


* Act as the senior technical escalation point for complex supplier risks, control gaps, and remediation strategies, providing credible challenge and expert advisory input.


* Drive the evolution of the third-party assurance methodology by embedding deeper technical assessment capabilities, including architecture reviews, threat modelling, and cloud security posture evaluation.


* T...