American Express Careers

Director IT Risk & Information Security – Third Party Security Monitoring

New York, New York
Digital Commerce Technology


Job Description

Why American Express?
There’s a difference between having a job and making a difference.
American Express has been making a difference in people’s lives for over 160 years,
backing them in moments big and small, granting access, tools, and resources to take
on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning
and collaboration, and helping them with what they need to succeed and thrive. We
have their backs as they grow their skills, conquer new challenges, or even take time to
spend with their family or community. And when they’re ready to take on a new career
path, we’re right there with them, giving them the guidance and momentum into the
best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it.
The Director of Third Party Security Monitoring reports directly to the Vice President, IT Risk Management and Services. The person in this position will lead a team of subject matter experts responsible for performing in-depth technology and information security reviews and continuous security monitoring of AMEX’s critical.
In partnership with Information Security, Third Party Lifecycle Management, this position will be responsible for managing, assessing, monitoring, and reporting on critical third party security risks. The role will require active engagement across owning business units and operational risk teams.
Success in this role will ensure that deliverables and milestones satisfy defined objectives and the expectations of a variety of stakeholders, including the CISO, CIO and other senior leaders within Technologies and other internal and external stakeholders.
Responsibilities also include:
  • Supporting execution of technical assessments for in-scope third parties.
  • Assisting with evaluation, selection and implementation of tools / technologies to support monitoring and operational capabilities
  • Identifying and helping prioritize risks identified via activities of the team
  • Driving risk based decisions with the owning business and risk teams
  • Performing on-going tracking, monitoring of progress, escalation and governance of identified issues on a periodic basis
  • Partnering with and influencing strategic direction on third party risk management and monitoring capabilities within company and industry partners



  • Prefer 15+ years of experience in Information Security and/or IT Risk organizations
  • Third party security experience desired but not required
  • Demonstrated expertise in two or more of the following:
    • Application Security (web & mobile)
    • Third Party Risk Management
    • Network and Infrastructure Security
    • Cyber Threat Intelligence
  • A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, cloud security, data loss prevention, and incident management
  • Capable of explaining technical concepts to a non-technical audience
  • Track record of innovation, results and ability to effect change across functions
  • Strategic thought leader, with experience in developing strategies and processes to deliver against the designed objectives.
  • Ability to understand, analyze data and produce meaningful conclusions
  • Ability to set priorities, resolve issues, provide guidance and secure engagement and commitment from teams
  • Proven ability to drive change across a global organization to improve efficiencies
  • Proven management and leadership experience
  • Proven collaboration skills along with the ability to influence without authority
  • Strong interpersonal, leadership and change management skills, as well as solid presentation and communication skills (written, graphical, quantitative and verbal)
  • Exceptional ability to engage, educate, influence and collaborate across the enterprise
  • Strong sense of personal accountability and ability to drive results
  • Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.  
  • Proven excellent relationship management skills with all levels of the enterprise are required
  • Ability to effectively collaborate across teams
  • Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders 
  • Ability to identify gaps between one’s skill set and the needs of the team.
  • Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps
  • Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
  • Involving the right people to ensure the best decisions are made in a timely manner
  • Ability to analyze complex information and identify the most relevant details.
  • Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
  • Educational Preference: Master’s Degree or equivalent experience
  • Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, CEH or PCI highly preferred  


Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

ReqID: 19004716
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Mar 11, 2019, 3:10:31 PM