American Express Careers

Manager, Information Security Oversight

Toronto, Canada
Digital Commerce Technology

Job Description

Manager, Information Security Oversight, Global Risk, Banking & Compliance (GRBC) 

The position serves as the Chief Information Security Officer (CISO) of American Express Bank of Canada, responsible for managing the Bank’s Information Security program and governance in line with the Bank’s policies and standards and regulatory requirements set out by OSFI.
The Manager, Information Security Oversight, Global Risk, Banking and Compliance is responsible for the management of the international Bank’s IT Risk & Information Security programs commensurate with the best interest of shareholders, customers, employees, and the public. The Manager works under the supervision of the Director of Information Security Risk Oversight, as needed, to collaborate closely with India Business stakeholders and other support functions including Compliance, Legal, Operational Risk, HR etc. to ensure compliance with Bank & American Express policies and procedures. The Manager assists in establishing bank technology and information security risk related goals to control risk.

Essential Job Functions:
  • Function as the Manager, Information Security Oversight, Global Risk, Banking and Compliance to ensure compliance with American Express Information Security, Information Technology, & Management Policies - Financial Institution Letters and other guidance, regulation, and law governing financial institutions for IT Risk & Information Security
  • Create monthly reports for senior leadership within the Bank and present them to relevant Bank committees
  • Work closely with Business, Operational Risk, Compliance, Technologies and other teams as appropriate to review and approve new product launches from an Information Security perspective and highlight risks and appropriate mitigation measures as applicable
  • Create applicable regulatory reports and submit to internal teams as well as regulators as appropriate
  • Collaborate with the Information Security oversight team to align the Bank’s information security program with global framework and best practices
  • Perform Annual IT/IS Risk Assessment and present the results to the Audit and Compliance Committee of the Board
  • Serve as a member of the IT Steering Committee and present current/emerging cyber threat trends and the Bank’s readiness to deal with them on a periodic basis
  • Ensure compliance within the area of responsibility of all banking rules for federal, state, local, and country-specific guidelines and regulations, and past auditing results.
  • Provide periodic updates, reports, and recommendations to the Leadership and Boards of Directors on various Information Security/Technology related topics
  • Responsible and accountable for the IT Risk & Information Security requirements of the international Banks
  • Responsible for developing, establishing, monitoring, reviewing, and improving the strategies, processes, and procedures within the scope of this job description.
  • Identify, articulate, initiate, and monitor progress of actionable and measurable goals/KRIs/KPIs to be accomplished. Lead interaction with regulators on matters related to the incumbent’s area of responsibility
  • Ensure all Leadership functions outlined and/or required by American Express are properly and effectively conducted and displayed. Possess and execute outstanding ability to evaluate and influence others (direct reports, peers, managers, affiliates, business partners, etc.) to achieve complex objectives against tight deadlines.
  • Responsible for staying knowledgeable of Regulatory and legislative changes pertaining to banking and credit card practices that may impact American Express, and/or the incumbent’s area of responsibility.
  • Conform with, and abide by all regulations, policies, work procedures, and instructions
  • Required self-starter who can work with minimal supervision and across multiple time zones and various times-of-day
  • Demonstrate appropriate technical skills and abilities in line with job responsibilities (such as emerging technology and associated IT & Information Security Risk)
  • Develop staff members’ training, education, and expertise within their respective responsibility, as applicable. Establish and maintain communication channels with affiliate service providers. Provide oversight of key bank vendors and service level agreements related to the area of responsibility.
  • Complete required annual training commensurate with duties.
  • Demonstrate good verbal and written communication skills, and perform other duties as assigned
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.


  • Knowledge of OSFI Cyber Security regulations related to IT and IS
  • 5+ years full-time Information Security experience
  • 10+ years working knowledge of key IT & Application Risk Management functions
  • Strong background in overall Risk Management security discipline
  • Strategic thinker who is able to combine technical skills with overall business strategy to creatively solve complex problems
  • Ability to collaborate with cross functional teams across geographies in various time zones
  • Proven Technology Operations Management experience
  • Experience in leading teams of employees, contractors and vendor partners
  • Strong presentation skills
  • Strong communication skills (written and verbal)
  • Experience working with and communicating to senior leaders
  • Ability to analyze high level requirements, identify and evaluate alternatives, develop recommendations, gain leadership alignment and implement changes
  • Ability to manage multiple projects simultaneously with minimal guidance and direction
  • Willingness to challenge traditional thinking by actively engaging in constructive dialogue
  • Ability to make sound decisions under pressure
  • Ability to support/manage multiple projects with changing priorities
  • Educational requirement: Preferred background in Computer Science or Information Systems
  • Preferred Additional: Certifications: CISSP, CISM, CISA
  • Bachelor’s Degree in related field
  • Industry certifications (e.g. CISM, CISA, CISSP)
  • Strong knowledge of PCI DSS
  • Knowledge of IT & IS regulations in Canada
Why American Express
Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.

ReqID: 18016945
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Oct 31, 2018, 3:33:46 PM