American Express Careers

Information Security Specialist - Information Security (IS) Policies, Standards, and Awareness

Phoenix, Arizona
Digital Commerce Technology


Job Description

It’s more than protecting information, it’s protecting people.

Information Security Specialists know security is a top priority for our business, our partners, and our customers. As cyber-attacks increase and compliance is rigorously enforced, they strive to stay ahead of what’s next to protect our brand and future. The Information Security (IS) Policies, Standards, and Awareness team works with leadership to formalize the strategic vision, driving governance for policies, standards and controls, identifying and closing gaps with industry and regulatory frameworks and providing clarity and guidance for the enterprise IS policies, standards, and supporting programs. SMEs and other key stakeholders are consulted throughout the process, providing feedback, impacts and risk reduction opportunities across the enterprise.


You won’t just see the problem, you’ll drive the solution.

On a daily basis you will be asked to:

  • Consult with and educate business and technology colleagues, providing guidance on intent and interpretation of security policy areas.
  • Evaluate the impact of new and changing laws, rules, and industry practices, identify potential gaps, while communicating and coordinating updates to affected policy, standards, and control owners.
  • Monitor status of identified gaps to ensure that gaps are appropriately dispositioned.
  • Provide governance for policies, standards, and controls to ensure risks are aligned with business and compliance information security risk management strategy.
  • Support key risk management programs, including a risk data model, controls catalog, risk register, risk acceptances and supporting metrics.

  • Leverage automated tools to map IS & IT policies and standards to regulations, compliance requirements and guidance as needed.
  • Craft the wording of policy areas, aligning with feedback from SMEs and Key Stakeholders to meet the strategic vision of leadership of those areas.
  • Advise technology and business teams on the risks of not meeting requirements of IS policy areas through support of the exceptions process.
  • Demonstrate strong partnership and collaboration skills across the IT Risk and Information Security and GRBC organizations.
  • Drive creative thinking to generate insights, alternatives, and technical terms within key policy areas of information security.
  • Demonstrate ability to consider multiple viewpoints and bring them to consensus.
  • Support the construction of a data dictionary in partnership with IT Risk and IS leadership to drive consistency among data classification and handling for the enterprise.
  • Keep up-to-date on new regulations, compliance requirements, and official guidance from industry-related organizations.
  • Strong interpersonal relationship skills with ability to quickly establish new relationships.

American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.


We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.


Because we believe that the best way to back our customers is to back our people.


The powerful backing of American Express.

Don’t make a difference without it.

Don’t live life without it.



Do you have what it takes to lead the way in cyber security?
  • Bachelor’s or Master’s Degree in related field preferred.
  • CISSP or CASP required.
  • CISA or CISM preferred.
  • 5 years of Information Security experience required (10+ years preferred).
  • Expertise in network security, cryptography, identity and access management, incident response, third party risk, operational and system security preferred.
  • Exceptional communication skills, both written and presentation.
  • Shares expertise and knowledge to support teams.

At the core of Information Security.
Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:
  • Agile Practices
  • Emerging Technologies
  • Technical Process Improvement
  • Information Risk Management
  • Analytical Thinking
  • Coaching and Mentoring

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

ReqID: 18017914
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Nov 9, 2018, 4:24:13 PM