American Express Careers

Sr Info Security Analyst- Technology Risk Assessments

Phoenix, Arizona
Digital Commerce Technology

Apply Get Referred

Job Description

Information Technology Risk Assessments protect enterprise value by providing timely and reliable technology risk assessments to influence critical business and technology decisions. Our mission is to regularly and accurately measure, catalog, and communicate technology risk. Team functions include Information Security Assessments for New Product Approvals (AEMP54), Solution Architecture Reviews, Platform Architecture Reviews, Technology Control Assessments, Entity Self Risk Assessments and Cyber Threat Risk Assessments.
Key responsibilities include:
  • Perform Information Security and Information Technology Risk Assessments
  • Provide guidance on information security processes, controls, and compliance, and information security risk management to key stakeholders
  • Conduct security assessments of applications with respect to design and implementation of system and application code. Requires expert knowledge in Information Security practices, tools, and processes
  • Work with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls and information security risk management
  • Consider innovative attack techniques to foil protective design and in-place mitigations
  • Support the investment decision process by developing business cases and cost benefit analyses for new information security solutions
  • Create reports and other materials to assist in prioritizing activities related to various threats to web and network operations
  • Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
  • Provide ongoing awareness and education of industry efforts and statistics relevant to information security
  • Develop and define IT and information security standardized metrics and criteria
  • Facilitate improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
  • Provide consultation to internal Business partners, customers and Vendors in assessing information security risks and mitigating controls to protect corporate intellectual capital, and other sensitive data
  • Perform technical IT/IS control effectiveness assessments using a combination of available metrics and expert interviews

Contribute to the implementation of an IT controls catalog by helping frame controls in the context of American Express standards and external frameworks


Required Work Experience, Education, Certification / Training:
  • Bachelor’s degree in computer science, information systems, or other related field.
  • Professional certifications preferred (CISSP, CRISC, CISA, PCI, CISM)
  • At least 5 years’ work experience in information security or technology risk
  • Technical background with hands-on experience across a variety of technologies (strong emphasis on Enterprise Architecture, Application Development, Database Design/Administration, Network Infrastructure)
  • Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)
  • Thorough knowledge of IT processes and controls and a deep understanding of risk and control frameworks e.g. FAIR, NIST, ISO, PCI DSS,
Required Knowledge, Skills and Abilities:
  • Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance
  • Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques
  • Knowledge of applicable information security standards and regulatory requirements
  • Excellent written and oral communication skills
  • Highly self-motivated and directed
  • Keen attention to detail
Why American Express 
Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.
US Candidates/Employees: Click here to view the 
"EEO is the Law" poster and supplement and the Pay Transparency Policy Statement.
If the links do not work, please copy and paste the following URLs in a new browser window: 

ReqID: 18003653
Schedule (Full-Time/Part-Time): Full-time
Apply Get Referred