American Express Careers
Sr Info Security Analyst - Technology Risk Assessments
- Perform Information Security and Information Technology Risk Assessments
- Provide guidance on information security processes, controls, and compliance, and information security risk management to key stakeholders
- Conduct security assessments of applications with respect to design and implementation of system and application code. Requires expert knowledge in Information Security practices, tools, and processes
- Work with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls and information security risk management
- Consider innovative attack techniques to foil protective design and in-place mitigations
- Support the investment decision process by developing business cases and cost benefit analyses for new information security solutions
- Create reports and other materials to assist in prioritizing activities related to various threats to web and network operations
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security
- Develop and define IT and information security standardized metrics and criteria
- Facilitate improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
- Provide consultation to internal Business partners, customers and Vendors in assessing information security risks and mitigating controls to protect corporate intellectual capital, and other sensitive data
- Perform technical IT/IS control effectiveness assessments using a combination of available metrics and expert interviews
- Contribute to the implementation of an IT controls catalog by helping frame controls in the context of American Express standards and external frameworks
- Bachelor’s degree in computer science, information systems, or other related field.
- Professional certifications preferred (CISSP, CRISC, CISA, PCI, CISM)
- At least 5 years’ work experience in information security or technology risk
- Technical background with hands-on experience across a variety of technologies (strong emphasis on Enterprise Architecture, Application Development, Database Design/Administration, Network Infrastructure)
- Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)
- Thorough knowledge of IT processes and controls and a deep understanding of risk and control frameworks, e.g. FAIR, NIST, ISO, PCI DSS
- Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance
- Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques
- Knowledge of applicable information security standards and regulatory requirements
- Excellent written and oral communication skills
- Highly self-motivated and directed
- Keen attention to detail
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
US Candidates/Employees: Click here to view the "EEO is the Law" poster and supplement and the Pay Transparency Policy Statement.
Schedule (Full-Time/Part-Time): Full-time