American Express Careers

Information Security Manager- IT Risk

Phoenix, Arizona
Digital Commerce Technology

Apply Get Referred

Job Description

It’s more than protecting information, it’s protecting people.
Information Security Managers know security is a top priority for our business, our partners, and customers. As cyber-attacks increase and compliance is rigorously enforced, they strive to stay ahead of what’s next to protect our brand and future. The Information Security and technology controls team works across both information security and technology groups to identify risks and assist with control development and metrics determination to enable continuous control monitoring. It is the security and technology controls team’s responsibility to develop a common understanding of risk across multiple business units within American Express, enabling the enterprise to identify and respond to IT and IS risks while ensuring regulatory and compliance requirements are met 


You won’t just see the problem, you’ll drive the solution.
On a daily basis you will be asked to:
  • Work with key stakeholders within information technology and information security to identify risks and recommend control implementations.
  • Lead the performance of design assessments on current technology controls to identify potential improvement opportunities.
  • Define metrics to support operating effectiveness conclusions and enable continuous control monitoring.
  • Lead the performance of thematic root-cause analysis on recurring technology caused events to identify unmitigated risks and areas for control enhancements.
  • Ensure various compliance requirements (SOX, BASEL, GLBA, etc) are met through implementation of controls
  • Refine risk libraries and associated questionnaires to ensure business teams are appropriately addressing technology and information security risk. 
  • Keep up-to-date on new regulations, compliance requirements, and official guidance from industry related organizations.
  • Drive creative thinking to generate insights, alternatives, and technical terms within key areas of technology.
  • Demonstrate ability to consider multiple viewpoints and bring them to consensus.


Do you have what it takes to lead the way in cyber security?

·       Bachelor’s or Master’s Degree in related field preferred.

·       CISA, CISM, or CRISC required.

·       5 years of relevant experience required, 10+ years preferred.

·       Experience with development and/or assessment of technology and information security controls.

·       Expertise in assessing technology risks and development of controls to mitigate risks.

·       Expertise in key technology domains including: change management, incident and problem management, event management, SDLC and application development, service continuity/availability.

·       Experience in key information security domains including: application security, identity and access management, and IT Asset and Configuration management.

·       Experience in automation and data analytics to enable process improvement preferred.

·       Banking or Financial Services industry experience preferred.

·       Audit and compliance experience preferred.

·       Demonstrated ability to effectively engage, lead, educate, influence and collaborate across the enterprise to drive results.

·       Exceptional communication skills, both written and presentation.

·       Shares expertise and knowledge to support teams.

·       Strong interpersonal relationship skills with ability to quickly establish new relationships.


At the core of Information Security.

Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:

·       Agile Best Practices (Understanding the framework and how to apply)

·       Emerging Technologies (Cloud, Blockchain, etc)

·       Analytical Thinking (Analyzing complex information and identifying the most relevant details)

·       Technical Process Improvement

·       Information Risk Management

·       Coaching and Mentoring

·       Collaboration & Teamwork

·       Industry and Company Knowledge

·       NIST, ISO, PCI, NYDFS, etc.

·       RSA Archer toolset


Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

Why American Express 

Talk to our people and you’ll find out what we’re really all about. Inclusive, creative, thorough, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.


American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.

US Candidates/Employees: Click here to view the 
"EEO is the Law" poster and supplement and the Pay Transparency Policy Statement.


If the links do not work, please copy and paste the following URLs in a new browser window: 

ReqID: 18011198
Schedule (Full-Time/Part-Time): Full-time
Apply Get Referred