Why American Express?
There’s a difference between having a job and making a difference.
American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it.
It’s more than protecting information, it’s protecting people.
Information Security Managers know information technology risk is a top priority for our business, our partners, and customers. As technology risks increase and compliance is rigorously enforced, they strive to stay ahead of what’s next to protect our brand and future. The Information Technology Risk Management team works across information technology groups to identify risks and assist with control development and metrics determination to enable continuous control monitoring. It is the information technology risk team’s responsibility to develop a common understanding of risk across multiple business units within American Express, enabling the enterprise to identify and respond to IT risks while ensuring regulatory and compliance requirements are met.
You won’t just see the problem, you’ll drive the solution.
On a daily basis you will be asked to:
- Work with key stakeholders within information technology and information security to identify risks and recommend control implementations.
- Lead the performance of design assessments on current information technology controls to identify potential improvement opportunities.
- Define metrics to support operating effectiveness conclusions and enable continuous control monitoring.
- Lead the performance of thematic root-cause analysis on recurring technology-caused events to identify unmitigated risks and areas for control enhancements.
- Ensure various compliance requirements (SOX, BASEL, GLBA, etc.) are met through implementation of controls.
- Refine risk libraries and associated questionnaires to ensure business teams are appropriately addressing technology and information security risk.
- Keep up-to-date on new regulations, compliance requirements, and official guidance from industry-related organizations.
- Drive creative thinking to generate insights, alternatives, and technical terms within key areas of technology.
- Demonstrate ability to consider multiple viewpoints and bring them to consensus.
Do you have what it takes to lead the way in cyber security?
- Bachelor’s or Master’s Degree in related field preferred.
- CISA, CISM, or CRISC required.
- 5 years of relevant experience required, 7+ years preferred.
- Experience with development and/or assessment of technology and information security controls.
- Expertise in assessing information technology risks and development of controls to mitigate risks.
- Expertise in key information technology domains including: change management, incident and problem management, event management, SDLC and application development, service continuity/availability.
- Experience in key information security domains including identity and access management, and IT Asset and Configuration management.
- Experience in automation and data analytics to enable process improvement preferred.
- Banking or Financial Services industry experience preferred.
- Audit and compliance experience preferred.
- Demonstrated ability to effectively engage, lead, educate, influence and collaborate across the enterprise to drive results.
- Exceptional communication skills, both written and presentation.
- Shares expertise and knowledge to support teams.
- Strong interpersonal relationship skills with ability to quickly establish new relationships.
At the core of Information Security.
Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:
- Agile Best Practices (Understanding the framework and how to apply)
- Emerging Technologies (Cloud, Blockchain, etc.)
- Analytical Thinking (Analyzing complex information and identifying the most relevant details)
- Technical Process Improvement
- Information Risk Management
- Coaching and Mentoring
- Collaboration & Teamwork
- Industry and Company Knowledge
- NIST, ISO, PCI, NYDFS, etc.
- RSA Archer toolset
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Jan 9, 2020, 7:13:57 PM