The position, located in Phoenix, is part of the Global Risk, Banking & Compliance organization and reports to the Vice President of Information Security and Information Technology Oversight. Strong information technology and information security are key contributors to loyalty, trust and customer experience, and the American Express brand. Properly assessing, managing, and overseeing global information technology and information security risk is critical to the Companys business. The successful candidate will have deep information security and information technology expertise, including industry knowledge and awareness of emerging technologies and threats which impact cyber security. The position requires a demonstrated ability to manage information security and information technology risk, and a team player who is comfortable working across a range of functions including compliance, legal, operational excellence, privacy, risk oversight, and many other partners to promote best information security throughout the enterprise.
The successful candidate will have demonstrated the ability to manage information security risk, both strategically and tactically, and will understand the role of a strong governance framework and risk management program. The role includes leading a team of information security and information technology oversight professionals and working to improve risk management and control strength by providing independent assessment of, and effective challenge to, key components of the information security and information technology program through testing, reviews and ongoing effective monitoring.
Responsibilities: 1. Conduct enterprise independent risk assessment (SLoD) of the information security and information technology programs and provide effective challenge to the design and execution of technical and procedural controls 2. Conduct data-driven triggered risk assessments and coordinate risk-based investigations of controls. 3. Conduct industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps. 4. Assist in the development of information security and information technology metrics (e.g. KRIs and KPIs) to continuously monitor and oversee program level risks. 5. Lead and develop a team of information technology and information security professionals with global responsibility 6. Provide periodic updates, reports, and recommendations to management, regarding best practice information security and information technology controls, risk assessment and risk remediation strategies 7. Support interfaces with international regulators through updates on information security and information technology oversight activities. 8. Actively test and monitor information security and information technology controls.
- Minimum five years of experience in an information securityor information technologyrole is required
- Superior problem-solving, strong analytical skill, strong learning agility and willingness to embrace new challenges
- Risk management experience (SLoD) is preferred, particularly in a financial services or highly regulated environment
- Thought leadership and ability to influence business partners
- Attention to details with strong strategic view
- Strong verbal and written communication skills and excellent relationship building skills
- Knowledge of relevant information security standards and frameworks, including NIST
- Knowledge of US federal financial guidelines, examples include: FFIEC, OCC, & FDIC and other cybersecurity standards and frameworks
- Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field (or equivalent work experience). Advanced degree preferred.
- Professional certification is preferred (e.g. CISA, CISSP, CISM, CPCB, etc.)
- Experience with information security risk process improvement
- Deep knowledge of information security systems/platforms and data and processes adopted by the Company is preferred
- Experience in leading and growing information securityor information technologyteams is preferred
Why American Express?
Theres a difference between having a job and making a difference.
American Express has been making a difference in peoples lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
Weve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when theyre ready to take on a new career path, were right there with them, giving them the guidance and momentum into the best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.Dont make a difference without it.Dont live life without it.
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
Title: Director, Independent Risk Assessment Information Security and Information Technology Oversight
Other Locations: US-New York-New York
Requisition ID: 19018442