Information Security Analyst

Get Referred

Job Description

Why American Express?

There’s a difference between having a job and making a difference.

American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.

We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.

Because we believe that the best way to back our customers is to back our people.

The powerful backing of American Express.

Don’t make a difference without it.

Don’t live life without it.

Information Security Analyst

It’s more than protecting information, it’s protecting people.

Information Security Analysts know information technology risk is a top priority for our business, our partners, and customers. As technology risks increase and compliance is rigorously enforced, they strive to stay ahead of what’s next to protect our brand and future. The Information Technology Risk Management team works across information technology groups to identify risks and assist with control development and metrics determination to enable continuous control monitoring. It is the information technology risk team’s responsibility to develop a common understanding of risk across multiple business units within American Express, enabling the enterprise to identify and respond to IT risks while ensuring regulatory and compliance requirements are met.

You won’t just see the problem, you’ll drive the solution.

On a daily basis you will be asked to:

  • Work with stakeholders within information technology and information security to identify risks and assist with control implementation recommendations.
  • Perform design assessments on current information technology controls to identify potential improvement opportunities.
  • Review metrics to support operating effectiveness conclusions and enable continuous control monitoring.
  • Perform thematic root-cause analysis on recurring technology caused events to identify unmitigated risks and areas for control enhancements.
  • Ensure various compliance requirements (SOX, BASEL, GLBA, etc) are met through implementation of controls
  • Refine risk libraries and associated questionnaires to ensure business teams are appropriately addressing information technology risk.  
  • Keep up-to-date on new regulations, compliance requirements, and official guidance from industry related organizations.
  • Drive creative thinking to generate insights, alternatives, and technical terms within key areas of technology.


Do you have what it takes to lead the way in cyber security?

  • Bachelor’s or Master’s Degree in related field preferred.

  • CISA, CISM, or CRISC preferred.
  • 2 years of relevant experience required, 4 years preferred.
  • Experience with development and/or assessment of information technology controls required.
  • Experience with assessing technology risks and development of controls to mitigate risks.
  • Experience in at least 3 of the following key information technology domains: identity and access management, change management, incident and problem management, event management, SDLC and application development, service continuity/availability, and IT Asset and Configuration management.
  • Experience in automation and data analytics to enable process improvement preferred.
  • Audit and compliance experience preferred.
  • Banking or Financial Services industry experience preferred.
  • Demonstrated ability to learn new competencies on the job while driving results.
  • Ability to meet deadlines in a multi-tasked environment.
  • Exceptional communication skills, both written and presentation.

At the core of Information Security.

Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:

  • Agile Best Practices (Understanding the framework and how to apply)
  • Emerging Technologies (Cloud, Blockchain, etc)
  • Analytical Thinking (Analyzing complex information and identifying the most relevant details)
  • Technical Process Improvement
  • Information Risk Management
  • Collaboration & Teamwork
  • Industry and Company Knowledge
  • NIST, ISO, PCI, NYDFS, etc.
  • RSA Archer toolset

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions. 

ReqID: 20000400
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Jan 10, 2020, 1:13:06 AM