American Express Careers

Information Security Manager - IAM

Phoenix, Arizona
Digital Commerce Technology


Job Description

Why American Express?
There’s a difference between having a job and making a difference.
American Express has been making a difference in people’s lives for over 160 years,
backing them in moments big and small, granting access, tools, and resources to take
on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning
and collaboration, and helping them with what they need to succeed and thrive. We
have their backs as they grow their skills, conquer new challenges, or even take time to
spend with their family or community. And when they’re ready to take on a new career
path, we’re right there with them, giving them the guidance and momentum into the
best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don’t make a difference without it.

Don’t live life without it


Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future. So if you are dedicated to the latest technology and motivating others, secure your career here.


You won’t just see the problem coming, you’ll see the solution.


New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing: 

  • Developing plans and strategies for information security tools, processes, and programs
  • Providing guidance on information security processes, controls, and compliance, and information security risk management to team members
  • Encouraging employee contribution, such as feedback, career development planning, and goal setting.
  • Responding to changes in the regulatory environment and assisting other organizations in doing the same.



The primary focus for the Information Security Manager is designing processes and products with outcomes that effectively protect the enterprise and the related management of regulatory/compliance. Provides consultation and strategic recommendations to internal business partners, customers and vendors in assessing secure business solutions and mitigating controls to protect corporate intellectual capital and other sensitive data. Leads small teams of information security professionals. This position is part of the Identity and Access Management (IAM) team within Information Security.


Specific responsibilities include:

  • Provides day-to-day operational management for the IAM Strategic Operations function including finance, resource planning and strategy and vendor management.
  • Leads IAM Strategic Big Bet initiatives through collaboration across IAM functions and other technology organizations, leveraging the agile framework including Rally and Jira
  • Implements processes and methods for auditing and addressing non-compliance to information security standards and methodologies; facilitates migration of non-compliant environments to compliant environments
  • Defines, develops, and implements appropriate metrics for ongoing reporting; acts as required based on trend data
  • Supports stakeholders to achieve targeted levels of information security, project oversight, and controls
  • Acts as counsel / advisor to the Director regarding IAM security discipline trends, innovation, vision, etc.



In addition, the Information Security Manager will:

  • Participate in the development of IAM strategy, tactical planning and prioritization of initiatives across all IAM disciplines with a strong focus on portfolio management and cross functional product initiatives.
  • Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage risk associated with Identity and Access Management
  • Provide ongoing awareness and education of industry efforts and statistics relevant to information security in general and Identity and Access Management
  • Facilitates improved solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
  • Provides consultation to internal business partners, customers and vendors in assessing information security risks and implementing mitigating controls to protect corporate intellectual capital and other sensitive data
  • Respond to requests for portfolio information including BUR, monthly finance review and updates on strategic big bets
  • Accountable for ensuring security best practices, policies, and procedures are implemented
  • Accountable for creating and delivering timely, accurate and insightful analysis based on critical IAM risk and operational controls
  • Knowledge in technology infrastructure security, networking, databases, systems and/or Web operations; or other information security disciplines
  • Knowledge of integrated data concepts and experience with visualization tools (Visio, Power BI and Tableau), data ingestion, data and metrics definitions.
  • Expertise using MS Productivity Suite, Concur, Clarity, Fieldglass, PMDB, Ariba, Rally and Jira to manage large complex initiatives. 
  • Knowledge of frameworks, standards, and best practices (i.e., NIST, PCI, ISO, COBIT, CMMI)




Experience leading key strategic programs and developing products to increase employee experience and productivity.


Experience with information security risk management and process improvement. Must have knowledge or awareness in security, compliance and/or other risk domain(s). Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance.


Educational requirement: Bachelor’s Degree in Computer Science, Information Systems, Business Administration, or other related field preferred (or equivalent work experience). Holds or will soon attain CISM, CRISC, CISSP or other Security Certifications.


Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

ReqID: 19009164
Schedule (Full-Time/Part-Time): Full-time
Date Posted: May 14, 2019, 4:36:14 PM