American Express Careers

Information Security Manager

Phoenix, Arizona
Digital Commerce Technology

Job Description

Why American Express?


There’s a difference between having a job and making a difference.


American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.


We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.


Because we believe that the best way to back our customers is to back our people.


The powerful backing of American Express.

Don’t make a difference without it.

Don’t live life without it.

It’s more than protecting systems and data.

It’s protecting people.

Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future. So, if you are dedicated to the latest technology and motivating others, secure your career here.


Information Technology Risk Assessments protect enterprise value by providing timely and reliable technology risk assessments to influence critical business and technology decisions. Our mission is to regularly and accurately measure, catalog, and communicate technology risk.


Key responsibilities include:

  • Perform technical IT/IS risk assessments and control effectiveness assessments using a combination of available metrics and expert interviews
  • Help build project management rigor by creating work delivery cadences across team initiatives and managing stakeholder communications, work output tracking, and documentation management.
  • Provide guidance on information security processes, controls, and compliance, and information security risk management to team members
  • Work with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls and information security risk management.
  • Conducts security assessments of applications and platforms with respect to design and implementation of system and application code
  • Considers innovative attack techniques to foil protective design and in-place mitigations
  • Participates in the development of strategies for information security processes and programs
  • Creates reports and other materials to assist in prioritizing activities related to various threats to web and network operations
  • Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
  • Provide ongoing awareness and education of industry efforts and statistics relevant to information security
  • Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
  • Provides consultation to internal business partners, customers and vendors in assessing information security risks and mitigating controls to protect corporate intellectual capital, and other sensitive data


Do you have what it takes to lead the way in cyber security?

Required Work Experience, Education, Certification / Training:

  • Bachelor’s degree in computer science, information systems, network security or other related field.
  • Hands-on experience with SDLC, Agile, and CI/CD. Programming experience is a plus.
  • Professional certifications a plus (CISSP, CRISC, CISA, PCI, CISM or equivalent)
  • At least 5 years’ work experience in information security
  • Technical background with hands-on experience across a variety of technologies
  • Proficiency in application development or risk management and audit (risk/security policies, procedures and controls)
  • Thorough knowledge and understanding of risk and control frameworks, e.g. NIST, ISO, PCI DSS, STRIDE, ATT&CK

Required Knowledge, Skills and Abilities:

  • Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; cloud security; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance
  • Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques
  • Knowledge of applicable information security standards and regulatory requirements
  • Excellent written and oral communication skills
  • Highly self-motivated and directed
  • Keen attention to detail

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions. 

ReqID: 19016251
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Aug 30, 2019, 12:48:24 PM