Senior Information Security Analyst

Job Description

You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible — and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day. 

From building next-generation apps and microservices in .NET Core to using AI to help protect our customers from fraud, you could be doing transformational work that brings our iconic, global brand into the future. As a part of our tech team, we could work together to bring ground-breaking and diverse ideas to life that power the digital systems, services, products and platforms that millions of customers around the world depend on. If you love to work with APIs, contribute to open source, or use the latest technologies, we’ll support you with an open environment and learning culture to grow your career.

Supports the development, implementation and management of information security requirements in multiple Technology disciplines. Main focus is on implementing security measures to protect computer systems, network devices, and data across the enterprise.  Additional responsibilities include preventing data loss and service disruptions by implementing secure solutions.

Organizational Context:

Works with Information Security Managers, Information Security Specialists and other experts to identify technical solutions and business process improvements in accordance with regulatory requirements, internal policies and standards and other guidance. Works individually and with teams on both structured and unstructured assignments. Serves as an information security or other domain liaison for Technology programs and initiatives. 

How will you make an impact in this role? 

  • Participates in the development of plans and strategies for information security, service continuity and other risk processes and programs 
  • Responsible for evaluation of applications, tools and systems  
  • Supports the implementation of processes and methods for auditing and addressing non-compliance with information security standards and methodologies; facilitates migration of non-compliant environments to compliant environments
  • Crafts or leads the documentation of non-compliance with contracts, policies, processes and standards and assists in their resolution
  • Supports partners to achieve targeted levels of information security, project oversight and controls 
  • Implements security policies by administering and monitoring profiles, reviewing violation reports and investigating possible exceptions; documents controls; makes recommendations
  • Develops analysis scenarios and response procedures        
  • Provides advice on controls, processes, and procedures 
  • Builds relationships with diverse groups, and leads meetings to gather and document data and information in order to measure and improve the effectiveness of information security activities performed within the company 
  • Supports the development of information security metrics and criteria 
  • Directs maintenance of the internal documentation library, ensuring that process and other documentation is regularly updated to reflect the latest operational processes and requirements
  • Provides technical or analytical guidance as needed for issue management, project assessments, and reporting
  • Leads the evaluation of products and/or procedures to improve productivity and effectiveness 
  • Leads or prepares materials (reports, presentations, spreadsheets, etc.) to enable informed decision-making; guides the verification of completeness, accuracy and relevance of data gathered
  • Monitors and measures process efficiency and takes corrective action as necessary
  • Assists in the development, implementation, and governance of processes and initiatives to ensure compliance, cost optimization, and efficiency


Range of Impact/Influence

  • Provides day-to-day operational management over functional processes and project delivery.   
  • Acts as a mentor to Analysts and those passionate about developing their information security or other domain knowledge
  • Makes difficult and timely decisions regarding simple and complex business problems
  • Is accountable for ensuring security standard methodologies, policies, and procedures are implemented and adhered to

Minimum Qualifications

Education & Experience:

  • Bachelor’s Degree in Computer Science, Information Systems, or other related field preferred (or equivalent work experience)  
  • Possesses prior technology and business work experience with exposure to various technical environments and business segments, and some experience working with auditors and regulators 
  • In-depth experience with desktop software, office automation tools, and issue tracking systems
  • Professional certification preferred (e.g. CSSLP, CISSP, PCIP, CISA, CISM, CPCB, etc.)


High Performance Behaviors:

  • Takes the initiative to build openness when changing circumstances cause ambiguity 
  • Knows when to raise decisions and when to make on-the-spot decisions 
  • Prepares well in advance to improve resource and time 
  • Seeks out and acts on peer and leadership feedback        
  • Identifies a number of ways to do things differently that will continuously improve the business  
  • Shares critical expertise and knowledge to support team 
  • Uses breakthrough thinking to generate insights, alternatives and opportunities for business successes 
  • Aligns longer term plans with team strategy for maximum return on investment



  • Knowledge of frameworks, standards, and best practices (e.g. PCI, ISO, COBIT, COSO, CMMI, AWS Well-Architected Framework)
  • Requires knowledge of business and technical functional capabilities in at least one of the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security; technology operations and compliance
  • Experience in PCI DSS, PA-DSS, PCI P2PE, or PCI SSLC program management or assessment
  • Excellent skill in organizing, managing and interpreting data 
  • Excellent time management skills, and the ability to prioritize and multi-task


Technology Skills You'll Use Every Day:

  • Adaptive Communication
  • Agile Practices
  • Industry and Company Knowledge
  • Organizational Change
  • Technical Acuity
  • Technology Industry Trends


Game Changers:

  • Flexibility
  • Collaboration & Partnership
  • Continuous Improvement
  • Courage
  • Curiosity
  • Resourcefulness
  • Servant Leadership
  • Tenacity


Role/Strengths You’ll Need:


  • Emerging Technologies 
  • System/Platform Domain Knowledge 


  • Business Risk Management 
  • Information Security 


  • Analytical Thinking
  • Relationship Management 
  • Influence


  • Business Case Development
  • Regulatory Compliance

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.

ReqID: 21004624
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Apr 1, 2021, 3:24:16 PM