Why American Express?
There’s a difference between having a job and making a difference.
American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it.
Enterprise Security Architect
American Express is looking for an accomplished Enterprise Security Architect to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. In this role you will be integral to defining and assessing the organization's security strategy, architecture, and practices through collaboration with other security teams and architects. You will interpret business, technology, and threat drivers, and develop practical solutions and roadmaps that align with these drivers. You will translate complex security-related concepts into business terms that are readily understood by leaders and peers. You will understand and evaluate the financial costs and trade-offs of recommended technologies and solutions. You will draft project plans for security service and technology deployments and collaborate with partners and stakeholders across the organization.
- Contributing to a security architecture process that enables the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with business, technology, and threat drivers
- Developing and collaborating on strategies and roadmaps based on enterprise architecture practices
- Creating and maintaining security architecture artifacts (e.g., models, patterns, templates) that can be used (and reused) to leverage security capabilities in new initiatives and operations
- Tracking developments and changes in the digital business and threat landscape to ensure they're adequately addressed in security strategies and architecture artifacts
- Participating in application and infrastructure projects and other business initiatives to provide security-planning guidance
- Validating reference architectures for security best practices and recommending changes to enhance security and reduce risk, where applicable
- Reviewing security technologies, tools, and services and making recommendations to the broader security organization for their use
- Liaising with other architects and security practitioners to share best practices and insights
- Advocating for security requirements and objectives, while ensuring that security architectures and practices do not impede the needs of the business
Experience using architecture methodologies such as SABSA, Zachman, and/or TOGAF
Experience or knowledge of regulations and standards including PCI-DSS, GDPR, and NIST Cybersecurity Framework
5 to 7 years of work experience in three or more of the following domains:
Managing security infrastructure (e.g. firewalls, IPS, WAF, endpoint protection, SIEM, and log management technology)
Reviewing application code for security vulnerabilities
Using vulnerability management tools
Conducting threat-modeling exercises on new applications, systems, and services
Architecting full-stack systems and infrastructure:
Designing IAM technologies and services
Designing and deploying applications and infrastructure into public and private cloud environments
Working knowledge of IT service management (e.g., ITIL-related disciplines)
Bachelor’s Degree in computer science, information systems, cybersecurity, or related field; advanced degree preferred
Information security certifications preferred: CISSP, CISM, CISA, SABSA or similar
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Aug 21, 2019, 11:51:12 AM