American Express Careers

Information Security Manager - Third Party Risk – Application Security (Web & Mobile)

Bangalore, India
Digital Commerce Technology

Apply Get Referred

Job Description

Information Security Manager – Third Party Risk – Application Security (Web & Mobile)
 
This position, reporting to the Director of Third Party Security Monitoring, will be part of a team responsible for the continuous monitoring of the company’s most critically sensitive third parties.  The team is also responsible for performing in depth technology and information security assessments of critical third parties.
 
The person in this position will be responsible for managing third party application (Web & Mobile) security risk specifically focused on aspects of assessing, monitoring, and reporting on third party risks, process recommendations, testing of program controls.
 
Responsibilities also include:
  • Support execution of technical evaluation of web and mobile applications for in-scope third parties.
  • Assist with evaluation of tools / technologies to support monitoring capabilities.
  • Perform on-going tracking and monitoring of progress, and assist in management reporting on a periodic basis.

Qualifications

  • 10 years’ experience in Information Security and/or Third Party Management
  • Demonstrated expertise in Application Security and Third Party Risk, specifically web and mobile application security, configurations, vulnerability, change management, SDLC.
  • Knowledge of Agile, Waterfall, or Scrum
  • Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.JS, JQuery, Object-Oriented Design, Web Services (REST/SOAP)
  • Demonstrable experience in solving challenging technical problems in the following areas:
    • Single Page web application development and Modern web development
    • Unix/Linux environment management
    • Software security
    • Cloud based continuous delivery and environment management
    • Large, distributed system development
    • Processing and analyzing large data sets
  • Demonstrable experience with JavaScript, Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
  • A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
  • Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.  
  • Proven excellent relationship management skills with all levels of the enterprise are required
  • Ability to effectively collaborate across teams
  • Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders 
  • Ability to identify gaps between one’s skillset and the needs of the team.
  • Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps
  • Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
  • Involving the right people to ensure the best decisions are made in a timely manner
  • Ability to analyze complex information and identify the most relevant details.
  • Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
  • Strong sense of personal accountability and ability to drive results
  • Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred  
  • Bachelor’s Degree in Computer Science or Engineering preferred

ReqID: 19008063
Schedule (Full-Time/Part-Time): Full-time
Date Posted: May 29, 2019, 7:30:22 AM
Apply Get Referred