Senior Director, Head of Identity and Access Management for Chief Data & Analytics Office (CDAO)
Job Responsibilities:
- Pioneer a Visionary IAM Strategy: Develop and execute a comprehensive IAM roadmap for our CDAO & AI/ML data platforms, incorporating the latest advancements in securing LLMs, machine learning models, and the entire AI development lifecycle.
- Secure the AI Ecosystem: Engineer robust access control mechanisms for large-scale datasets, model training and inference environments, and the AI/ML supply chain. This includes defining and managing identities for human users, AI models, and autonomous agents.
- Mitigate Emerging AI-Specific Risks: Conduct in-depth assessments of IAM technologies and processes to identify and address vulnerabilities inherent to AI systems, such as prompt injection, data poisoning, and model theft.
- Drive Intelligent and Automated Governance: Leverage AI and machine learning to enhance IAM processes, including predictive access management, continuous behavioral authentication, and automated identity governance for our AI platforms.
- Stay at the Forefront of Innovation: Remain actively informed on the evolving landscape of IAM for AI, including regulatory changes, enforcement actions, and emerging solutions to ensure our control environment remains state-of-the-art.
- Lead with Expertise: Serve as the firm's subject matter expert on IAM for AI/ML, responding to regulatory inquiries, providing insightful documentation, and demonstrating a mature and compliant program.
- Foster a Culture of Security: Engage with cybersecurity, data science, and engineering teams to embed secure IAM practices throughout the AI development lifecycle and promote a deep understanding of the associated risks.
- Analyze and Learn from Incidents: Review and derive actionable lessons from significant security events where IAM is a contributing factor, continuously improving our defensive posture.
- Govern and Influence: Actively participate in and influence IAM governance forums, providing strategic insights to drive risk management initiatives and shape the firm's security policies.
Required Qualifications, Capabilities, and Skills:
- Formal training or certification in software engineering concepts and 10+ years of applied experience
- A minimum of 10 years of experience in senior Identity and Access Management, cybersecurity, or related engineering roles.
- An expert-level understanding of core IAM principles, including Privileged Access Management (PAM), Role-Based Access Control (RBAC), and the principle of least privilege.
- Demonstrated experience with modern authentication and authorization technologies such as Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Zero Trust architecture.
- In-depth knowledge of cloud security principles and hands-on experience with IAM implementations in hybrid and multi-cloud environments (Azure, AWS, GCP).
- Proven ability to assess, design, and remediate complex IAM vulnerabilities and access control weaknesses.
- Hands-on experience with market-leading IAM solutions (e.g., SailPoint, Okta, CyberArk, Microsoft Entra ID, Ping Identity).
- Extensive experience in securing and managing Microsoft Active Directory (AD) and Microsoft Entra ID (formerly Azure AD) environments.
Preferred Qualifications, Capabilities, and Skills:
- Proven expertise in advanced Active Directory security concepts, including Group Policy Object (GPO) management, Kerberos authentication, NTLM, and LDAP.
- Demonstrable experience in the practical implementation of least privilege access, just-in-time access, and administrative tiering within a large enterprise.
- A strong understanding of the security challenges and opportunities presented by Large Language Models (LLMs) and generative AI.
- Familiarity with the machine learning lifecycle and the associated identity and access management requirements.
- Experience with securing data pipelines and implementing data-centric security controls.
- Knowledge of AD-related security threats and familiarity with advanced threat protection tools such as Microsoft Defender for Identity and Microsoft Entra ID Protection (formerly Azure AD Identity Protection).
- Experience with ADFS, conditional access policies, and identity federation in complex hybrid environments.