You Lead the Way. We've Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we're supporting our customers' financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what's possible - and we're proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
This position, reporting to the Director of Third-Party Assessments, will be part of a team responsible for performing technical assessments/inspections of the company's most critically sensitive third parties. The Manager will be responsible for physical and logical inspection of Information Security and Technology controls and for publishing assessment results. They will need to issue gaps, provide consultation, and validate remediation of gaps. The candidate will play a key role in facilitating joint Disaster Recovery planning and testing of critical third parties and American Express. Additionally, there are expectations of working with multiple teams: external assessors, continuous monitoring, risk management and product/tool management to ensure readiness and effectiveness of process and monitoring tools.
Responsibilities also include:
Performance of technical physical and logical assessments for in-scope third parties.
Assist with evaluation of tools / technologies to support monitoring capabilities.
Perform on-going tracking and monitoring of progress and assist in management reporting on a periodic basis.
Facilitate and coordinate joint Disaster Recovery testing of critical third parties and American Express
10+ years of experience in Information Security and/or Third Party required; additional expertise in Disaster Recovery highly preferred.
Demonstrated expertise in Information Security and Third-Party Risk
Familiarity with secure software development practices
Expertise in web and mobile application vulnerabilities, detection and mitigation strategies
Expertise in DAST and SAST scanning technologies; ethical hacking experience desired but not required.
Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred
Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.
Proven excellent relationship management skills with all levels of the enterprise are required
Ability to effectively collaborate across teams
Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders
Ability to identify gaps between one's skillset and the needs of the team.
Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps
Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
Ability to analyze complex information and identify the most relevant details.
Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
Ability to travel to perform physical assessments at Third Parties
Bachelor's Degree in Computer Science or Engineering preferred
United States Only:
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.
US Job Seekers/Employees
If the links do not work, please copy and paste the following URLs in a new browser window: https://www.dol.gov/agencies/ofccp/posters to access the three posters.