American Express Careers

Director Information Security - Policies Standards and Awareness

Phoenix, Arizona
Digital Commerce Technology


Job Description

Why American Express?

There’s a difference between having a job and making a difference.


American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.


We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.


Because we believe that the best way to back our customers is to back our people.

The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it.

Director Information Security Policies, Standards, and Awareness

It’s more than protecting systems and data.
It’s protecting people.

The American Express IT Risk and Information Security (ITRIS) organization is currently hiring a Director of Information Security Policies, Standards, and Awareness, reporting to the Vice President of ITRIS. This position will be responsible for leading the program that provides guidance to drive an IT risk and security mindset aligned with enterprise risk appetite through information security and technology policies, standards, processes and awareness activities.

The Information Security (IS) Policies, Standards, and Awareness team works with leadership to formalize the vision of each area, crafting language and providing clarity and guidance for the enterprise IS policies, standards, and supporting documents. SMEs and other key stakeholders are consulted throughout the process, providing feedback on impact and affirming technical terminology is appropriate throughout documentation.


You won’t just see the problem, you’ll drive the solution.


New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing:

  • Providing guidance on information security policies, standards, and awareness activities to the enterprise.

  • Encouraging employee contribution, such as feedback, career development planning, and goal setting.

  • Developing plans and strategies around information security policies, standards, and awareness activities.

  • Responding to changes in the regulatory environment and assisting other organizations in doing the same.

  • Making strategic recommendations to enhance related policies, standards and awareness activities within information security and IT risk around compliance and governance.

  • Demonstrating strong partnership and collaboration skills across the IT Risk and Information Security and GRBC organizations.

  • Driving creative thinking to generate insights, alternatives, and technical terms within key policy areas of information security.

  • Demonstrating ability to consider multiple viewpoints and bring them to consensus.

  • Supporting the construction of a data dictionary in partnership with IT Risk and IS leadership to drive consistency among data classification and handling for the enterprise.


Do you have what it takes to lead the way in cyber security?

  • Bachelor’s Degree required. Master’s Degree preferred.
  • Two or more of the following certifications preferred: CISSP, CISA, CISM, CASP
  • 10+ years of Information Security experience required, 15+ years preferred.
  • Previous people leadership experience required, including interviewing and hiring, preferably within the ITRIS organization.
  • Experience leading colleagues and contractors in diverse locations.
  • Conceptual knowledge of network security, cryptography, access management, incident response, third party risk, operational and system security required. Technical or functional experience with these areas preferred.
  • Exceptional communication skills, both written and presentation.
  • Demonstrated ability to deliver on time and on budget

At the core of Information Security.

Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:

  • Agile Practices
  • Emerging Technologies
  • Technical Process Improvement
  • Business Process Improvement
  • Information Risk Management
  • Analytical Thinking
  • Coaching and Mentoring
  • Collaboration & Teamwork
  • Industry and Company Knowledge
  • NIST, ISO, PCI, NYDFS, Data Localization

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions. 

ReqID: 19016470
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Sep 4, 2019, 7:47:14 PM