American Express Careers

Information Security Manager - Operational Risk

Phoenix, Arizona
Digital Commerce Technology


Job Description

It’s more than protecting systems and data.

It’s protecting people.

Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future. So if you are dedicated to the latest technology and motivating others, secure your career here.


You won’t just see the problem coming, you’ll see the solution.


New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing: 

  • Providing guidance on information security processes, controls, and compliance, and information security risk management to team members.
  • Encouraging employee contribution, such as feedback, career development planning, and goal setting.
  • Developing plans and strategies for information security tools, processes, and programs.
  • Responding to changes in the regulatory environment and assisting other organizations in doing the same.
  • Making strategic recommendations to enhance information security, including processes, procedures, governance approaches, and compliance.

Operational Risk Management at American Express is a comprehensive and integrated program designed to identify, measure, report, monitor and control operational risk exposure of various business processes. The American Express Technology Operational Risk team is focused on information security and technology risk, a subset of operational risk, and provides support to American Express Technology (AET) and business units in meeting all relevant operational risk, regulatory and compliance requirements.


This position, reporting to the Director, Third Party Risk, will be part of a team responsible for overseeing third party risk and strategy, specifically focused on aspects of assessing and reporting on third party risks and components, process recommendations, testing of program controls, and consulting on risks associated with specific aspects of technology development and information security.


The successful candidate will be required to provide leadership, partnership and guidance to other AXP business units as part of these ongoing activities. This position is highly visible throughout the Company, and will require a high degree of knowledge about Information Security practices and Operational Risk processes, both within AXP and in industry standards such as ISO, NIST, SOC, etc.

The successful candidate will have the ability to build and maintain excellent relationships with all levels of the organization, which is critical to success.


The role will require working closely with senior leaders and their representatives to ensure appropriate responses to third party inquiries, third party risk assessments, and to ensure that deliverables and milestones satisfy objectives and the expectations of a variety of stakeholders. The successful candidate may also be required as needed to lead, consult, support and educate Technology partners to ensure that all aspects of the Third Party Risk Framework are well-managed.


Do you have what it takes to lead the way in cyber security?

  • 5-7 years' experience in Information Security, Operational Risk Management, Third Party Security Management, Internal Audit, Compliance or Reengineering within the Banking or Financial Services industries; experience in Information Security and Third Party required; additional expertise in Operational Risk highly preferred.
  • Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred.
  • Demonstrated ability to effectively engage, lead, educate, influence and collaborate across the enterprise to drive results.
  • Demonstrated expertise in process development and documentation, preferably in a risk, IT or Compliance environment.
  • Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.
  • Strong ability to synthesize large amounts of data into short key messages and identify and analyze related trends.
  • Strong ability to develop clear, concise, interesting and audience-appropriate reports, presentations and other communications.
  • Proven excellent relationship management skills with all levels of the enterprise are required.

At the core of Information Security Management.


Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including: 

  • Agile Practices
  • Emerging Technologies
  • Business Process Improvement
  • Business Risk Management
  • Analytical Thinking
  • Coaching and Mentoring
  • Business Case Development
  • Industry and Company Knowledge

Why American Express 


Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.


Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.


ReqID: 18000735
Schedule (Full-Time/Part-Time): Full-time