American Express Careers
ISA - Senior IT Auditor
Our core businesses couldn’t do what they do without the partnership and support of our Global Servicing Network, our Technology organization, and the many other business, staff and internal services groups across Amex that interact with our customers, manage our risk, analyze our data, develop and run our platforms, ensure our compliance with laws and regulations, enable and protect our people, promote our brand, communicate with all our stakeholders, and keep the business running smoothly. Amex employees work together across businesses to deliver exceptional service, value and experiences to our customers in ways that are secure and efficient – and profitable for our company.
This Information Security Analyst position within Global Merchant & Network Solutions Technology (GMNST) in the Security, Risk, and Compliance team will play an indispensable role in ensuring robust internal control and integrity of GMNST applications.
- Ensuring compliance with Amex information protection and privacy policies/standards, and external regulations for safeguarding customer information.
- Managing the relationship between external auditors and AXP teams to support SOC 1, SOC 2, and ASR-related activities.
- Managing the relationship between the embedded Information Security team and agile scrums, ensuring user stories are created for new or modified controls.
- Designing controls for a new infrastructure and revised business and IT processes—this requires assessing previous controls, infrastructures, and business/IT processes; performing a gap analysis on the new infrastructure and processes; and working with engineers to ensure compliance in the future state through agile user stories and acceptance criteria.
- Drafting new controls as needed for a new infrastructure and processes, in conjunction with other stakeholders (enterprise information security, external auditors, the business, and IT).
- Managing an inventory of SOC 1 and SOC 2 controls for an existing system and a future-state system.
- Leading audit/compliance projects, activities, and initiatives for the org including planning, budget/forecasting, and providing team support.
- Managing Ethical Hack procedures including setting up dedicated test management environments, explaining risks associated with identified vulnerabilities/control gaps, and executing remediation.
- Providing effective independent risk assessment of information security programs, functions and/or processes.
- Performing regular monitoring of established internal control activities.
- Developing and maintaining documentation to proactively respond to internal and external audits.
- Guiding the GMNT team on regulatory and compliance programs and requirements.
- Providing proactive thought leadership and strategic direction to business partner teams.
To succeed in this role you’ll need to work with a high degree of autonomy, manage multiple initiatives/projects with differing priorities, and interact with all levels of the organization. A familiarity with project management and project financials is helpful.
- Experience in conducting security assessments and subsequent reporting
- Big Four audit experience is strongly preferred
- Experience in performing and/or managing System and Organization Control (SOC) reports
- Experience in DevSecOps, or development of controls in an Agile environment, a plus
- Knowledge of PCI DSS (Payment Card Industry Data Security Standards) a plus
- Professional certification: at least one Information Security/Risk certification is strongly preferred, e.g. CISA, CISSP, CRISC, CISM
- Demonstrated ability to effectively engage, lead, educate, influence and collaborate across the enterprise
- Strong communication skills and relationship management experience
- Attention to detail with a strong project management (of controls) background
- Excellent planning, decision making, and judgment skills
- Ability to meet deadlines in a multi-tasked environment
Schedule (Full-Time/Part-Time): Full-time