Information Security Analyst I

Get Referred

Job Description

Why American Express?

There’s a difference between having a job and making a difference.

American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.

Because we believe that the best way to back our customers is to back our people.


The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it.



Our Information Security Analysts know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future.  So if you are dedicated to the latest technology and motivating others, secure your career here.


 You won’t just see the problem coming, you’ll see the solution.


 New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing:

•Providing guidance on information security processes, controls, and compliance, and information security risk management to team members
•Encouraging employee contribution, such as feedback, career development planning, and goal setting.
•Developing plans and strategies for information security tools, processes, and programs
•Responding to changes in the regulatory environment and assisting other organizations in doing the same.





The primary focus for the Information Security Analyst is to support the Identity and Access Management Engagement and Release Management functions.  The analyst will be responsible for leading and supporting requesters through the IAM engagement request process through to project delivery across multiple time zones. The analyst will ensure project solutions have appropriate IAM controls and are of the highest quality. Initial customer engagement includes request analysis, meeting with client and documenting objectives and value of the requests, identifying next steps and providing status updates. Once the request is closer to implementation, the analyst will ensure the requester is kept abreast of the project status, resolve issues and concerns and collaborates with development teams to help address open queries. During post implementation, the analyst will ensure that all requirements are delivered as expected and continue to support any issues/concerns from the customer by following up with appropriate teams and providing updates. This position is part of the Identity and Access Management (IAM) team within Information Security.




Specific responsibilities include:


•Engagement management


◦Conduct requirement/information gathering sessions with business and technical partners to assist in writing clear and concise objectives and value(s) for IAM requests.

◦Analyze and assign initial prioritization of IAM requests and leverage IAM knowledge of tools and processes to determine proper request handling.

◦Facilitate meetings with IAM directors to review, prioritize and align on IAM request handling.

◦Prioritize, manage and monitor IAM engagement work queue and mailbox to ensure quality and expedient project releases.

◦Track, monitor and update the progress of engagement requests and defects. Engages with requesters to ensure requirements are delivered as expected.

◦Utilizes tools and documented processes to ensure consistency and optimization of information security processes.

◦Maintains internal documentation library, ensuring that process and other documentation is regularly updated to reflect the latest operational processes and requirements.

•Release management


◦Supports maintenance of the release schedule, conducting release readiness reviews and go/no go reviews. 

◦Manages risks and resolves issues that affect release scope, schedule and quality.

◦Manages relationships and coordination of work between different teams at various locations.

◦Works toward continuous process improvements in the release process.

◦Prepares and maintains materials including tutorials, knowledge cases,etc. for end user and help desk resources consumption.  Facilitate overviews of processes for colleagues as releases are implemented.


•In addition, the Information Security Analyst will:

◦Take initiative to drive results

◦Possess strong collaboration skills

◦Analyze information and identify the most meaningful details

◦Show personal determination and resilience; is optimistic in changing circumstances

◦Continually seek and learn from feedback

◦Clearly explain ideas and concepts to others – written and verbal communication is structured, compelling, and impactful, and builds a credible impression

◦Be knowledgeable of SailPoint Identity IQ, Archer, and Rally tools and Release Management practices

◦Beknowledgeable of IAM frameworks, standards, and best practices (i.e.NIST, ISO, COBIT, CMMI)





  • Experience with Identity and Access Management tools, IT Standards / IS Policies, documentation of new controls

  • Experience with information security risk management and process improvement.

  • Must have knowledge or awareness in security, compliance and/or other risk domain(s).

  • Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance.

  • 3+ years of Information Security / Identity and Access Management Experience  

  • Bachelors Degree in Information Systems, Business Administration, CISM, CRISC, CISSP or other Security Certifications or other related field (or equivalent work experience) is preferred.

ReqID: 19018955
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Dec 3, 2019, 6:40:40 AM