American Express Careers
Information Security Specialist
Information Security Specialist – RACF and Database Activity Monitoring
Our Information Security Specialists know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase, and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future. So, if you are dedicated to the latest technology and motivating others, secure your career here.
You won’t just see the problem coming, you’ll see the solution.
New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing:
- Providing guidance on information security processes, controls, and compliance, and information security risk management to team members.
- Developing plans and strategies for information security tools, processes, and programs.
- Responding to changes in the regulatory environment and assisting other organizations in doing the same.
The primary focus for the Information Security Specialist is to work with technology and Business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls and information security risk management. Works individually and with teams on both structured and unstructured assignments. Responsible for key deliverables of one or multiple information security initiatives, projects, or programs with a discipline in preserving the confidentiality, integrity, and availability of systems and processes across the enterprise. Conducts security assessments of applications as they relate to the architectural and operational design of applications within the mainframe environment. Requires experienced knowledge in Information Security practices, tools, and processes. This position is part of the Identity and Access Management (IAM) team within Information Security.
Specific responsibilities include:
- Act as counsel / advisor to the Director regarding IAM security discipline trends, innovation, vision, etc.
- Engage and collaborate with application teams looking to leverage the mainframe environment to host their applications by ensuring security is built into the application early within the SDLC process
- Develop tools and processes to detect and then correct or prevent application or user behaviors that do not meet Information Security Standards
- Participate in the development of strategies for information security processes and programs
- Support the investment decision process by developing business cases and cost benefit analyses for new information security solutions
- Build reports and other materials to assist in prioritizing activities related to various threats to mainframe operations
- Recommend resource types and skill sets required to resolve project and process issues
- Document current and desired future state capabilities, incorporating industry leading technologies that improve AXP's ability to handle IT risk and protect data
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security
- Develop and define IT and information security standardized metrics and criteria
- Facilitates improvement solutions by working with all levels across Technology to establish security technology solutions that align with business strategies, IT strategic directions and compliance objectives
- Provides consultation to internal Business partners, customers and Vendors in assessing information security risks and mitigating controls to protect corporate intellectual capital, and other sensitive data
In addition, the Information Security Specialist will:
- Actively participate in the development of IAM strategy and tactical planning and prioritization of initiatives across all IAM disciplines with a strong focus on analytics and reporting.
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage risk associated with Identity and Access Management
- Facilitates improved solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
- Provides consultation to internal Business partners, customers and Vendors in assessing information security risks and implementing mitigating controls to protect corporate intellectual capital, and other sensitive data
- Accountable for providing consultative support and best practice guidance for information security initiatives
- Accountable for ensuring security best practices, policies, and procedures are implemented
- Accountable for creating and delivering timely, accurate and insightful analysis based on critical IAM risk and operational controls
- Knowledge in technology infrastructure security, networking, databases, systems and/or Web operations; or other information security disciplines
- Knowledge of integrated data concepts and experience with visualization tools (Visio, Power BI and Tableau), data ingestion, data and metrics definitions.
- Knowledge of frameworks, standards, and best practices (e.g., NIST, PCI, ISO, COBIT, CMMI)
- Subject matter expertise in mainframe Authentication and Authorization mechanisms with deep understanding of RACF.
- 3+ years direct work involving reducing risk within z/OS systems
- Experience with information security risk management and process improvement.
- 2+ years of development of mainframe activity detection tools such as BMC AM
- Strong working knowledge of SDLC, ITIL, and other change management policies.
- Requires knowledge or awareness in security, compliance and/or other risk domain(s).
- Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance.
- 5+ years of Information Security / Identity and Access Management Experience
- Bachelor’s Degree in Computer Science, Information Systems, Business Administration, or other related field (or equivalent work experience) is preferred. Holds, or will soon attain, CISM, CRISC, CISSP or other Security Certifications.
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Aug 23, 2019, 7:14:46 AM