Information Security Manager

Job Description

Why American Express?


There’s a difference between having a job and making a difference.

American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.

We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.

Because we believe that the best way to back our customers is to back our people.


The powerful backing of American Express.

Don’t make a difference without it.

Don’t live life without it.  


It’s more than protecting information, it’s protecting people.


Information Security Managers know security is a top priority for our business, our partners, and customers. As cyber-attacks increase and compliance is rigorously enforced, they strive to stay ahead of what’s next to protect our brand and future. The IT Risk Assessment Team works across information technology groups to identify risks and assist with control development and metrics determination to enable continuous control monitoring. The team is responsible for developing and applying a more focused IT Risk lens across multiple functions and business units throughout American Express, enabling the enterprise to identify and respond to inherent and residual technology risks while ensuring regulatory and Operational Risk Governance Groups (ORGG) requirements are being met.

You won’t just see the problem, you’ll drive the solution.

On a daily basis you will be asked to:


  • Work with key stakeholders within information technology and information security to identify risks and recommend control implementations.

  • Lead the performance of design assessments on current technology controls to determine control maturity and identify potential improvement opportunities.

  • Review defined metrics that support operating effectiveness conclusions and enable continuous control monitoring.

  • Lead the performance of thematic root-cause analysis on recurring technology-caused events to identify unmitigated risks and areas for control enhancements.

  • Lead and assist with the performance of key IT risk assessments including: IT enterprise risk self-assessment, IT residual risk assessment, and critical customer journey IT control reviews.

  • Ensure various compliance requirements (SOX, BASEL, GLBA, etc.) are met through implementation of controls.

  • Refine risk libraries and associated questionnaires to ensure business teams are appropriately addressing technology and information security risk.

  • Keep up to date on new regulations, compliance requirements, and official guidance from industry-related organizations.

  • Drive creative thinking to generate insights, alternatives, and technical terms within key areas of technology.

  • Demonstrate ability to consider multiple viewpoints and bring them to consensus.



Do you have what it takes to lead the way in cyber security?

  • Bachelor’s or Master’s Degree in related field preferred.

  • CISA, CISM, or CRISC required.

  • 7 years of relevant experience required, 10+ years preferred.

  • Experience with development and/or assessment of technology and information security controls.

  • Expertise in assessing technology risks and development of controls to mitigate risks.

  • Expertise in key technology domains including: change management, incident and problem management, event management, SDLC and application development, service continuity/availability.

  • Experience in key information security domains including: application security, identity and access management, and IT Asset and Configuration management.

  • Experience in automation and data analytics to enable process improvement preferred.

  • Banking or Financial Services industry experience preferred.

  • Audit and compliance experience preferred.

  • Demonstrated ability to effectively engage, lead, educate, influence and collaborate across the enterprise to drive results.

  • Exceptional communication skills, both written and presentation.

  • Shares expertise and knowledge to support teams.

  • Strong interpersonal relationship skills with ability to quickly establish new relationships.

At the core of Information Security.

Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:

  • Agile Best Practices (Understanding the framework and how to apply)

  • Emerging Technologies (Cloud, Blockchain, etc.)

  • Analytical Thinking (Analyzing complex information and identifying the most relevant details)

  • Technical Process Improvement

  • Information Risk Management

  • Coaching and Mentoring

  • Collaboration & Teamwork

  • Industry and Company Knowledge

  • NIST, ISO, PCI, NYDFS, etc.

  • RSA Archer toolset


ReqID: 19016238
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Sep 6, 2019, 6:52:07 AM