American Express Careers
Information Security Manager
This position, reporting to the Director of Third Party Security Monitoring, will be part of a team responsible for the continuous monitoring of the company’s most critically sensitive third parties. The team is also responsible for performing in-depth technology and information security assessments of critical third parties.
The person in this position will be responsible for managing third party application (web & mobile) security risks, specifically focused on aspects of assessing, monitoring, and reporting on third party risks, process recommendations, and testing of program controls.
Responsibilities also include:
- Support execution of technical evaluation and assessment of web and mobile applications for the company’s most critical third parties, including but not limited to vulnerability assessments, penetration testing, configuration reviews, and code reviews
- Perform on-going tracking and monitoring of remediation progress and report to management on a periodic basis
- Assist with evaluation, development, and management of tools and technologies to support ongoing monitoring capabilities
- Participate in and assist with real-time monitoring, cyber threat intelligence, and incident response capabilities as related to the company’s critically sensitive third parties
- 8+ years of experience in Information Security, with at least 5 years of experience in web application security and / or mobile security
- Demonstrated expertise in application security, specifically web and mobile application security, secure configuration, vulnerability management, database security, and cloud platform security.
- Working knowledge of agile, waterfall, and scrum development, SDLC, and change management
- Understanding of third party risk concepts, data protection, identity management, and how breaches occur.
- Demonstrable experience in solving challenging technical problems in the following areas:
  - Web application development
  - Unix/Linux environment management
  - Software security
  - Cloud-based continuous delivery and environment management
  - Large, distributed system development
  - Processing and analyzing large data sets
- Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
- Expert knowledge of CIS Critical Controls, OWASP Top 10, and ability to effectively communicate and articulate information security risks
- Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, Burp Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
- Operational understanding of TCP/IP, computer networking and common protocols such as DNS, SMTP, HTTP, etc.
- A broad understanding of the Information Security core concepts and terminology, IT controls, and best practices across key risk domains, including risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
- Self-motivated team player with the ability to handle multiple work streams and support various collaborative projects to completion
- Excellent relationship skills with the ability to effectively collaborate across various teams and with external vendors, suppliers, and partners
- Ability to quickly and sufficiently learn new processes, techniques, and technologies and be able to speak with an informed opinion and create a credible impression with stakeholders
- Ability to identify gaps between one’s skillset and the needs of the team, and to effectively seek and utilize feedback from leaders and mentors to address those gaps
- Ability to clearly present options and make compelling recommendations
- Ability to analyze complex information and identify the most relevant details
- Flexibility to adjust to new needs and new technologies, and comfort with ambiguity
- Strong sense of personal accountability and ability to drive results
- Bachelor’s Degree in Computer Science, Engineering or similar technical field of study, or equivalent practical experience
- Occasional off-hours and weekend work required
- Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred.
Why American Express
Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Jul 5, 2019, 11:05:49 AM