Job Description

:You Lead the Way. Wexe2x80x99ve Got Your Back.With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, youxe2x80x99ll learn and grow as we help you create a career journey thatxe2x80x99s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.At American Express, youxe2x80x99ll be recognized for your contributions, leadership, and impactxe2x80x94every colleague has the opportunity to share in the companyxe2x80x99s success. Together, wexe2x80x99ll win as a team, striving to uphold our and powerful backing promise to provide the worldxe2x80x99s best customer experience every day. And wexe2x80x99ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.Join Team Amex and let's lead the way together.How will you make an impact in this role?Regional Information Security Manager (RISO)The Information Security Manager role resides within the Regional Information Security Office aof Asia pacific and is responsible for control enforcement, cybersecurity awareness, reporting and enablement for American Express Banking Corp. The incumbent will be responsible for helping design and execute an information security risk management program in line with business strategy and regulatory requirements.Key responsibilities include:xc2xb7 Contribute to the first line information security risk management and reporting.xc2xb7 Organize/Participate in information security committee, prepare presentations and maintain minute minutes.xc2xb7 Participate in bankxe2x80x99s committee structure and provide information security status updates.xc2xb7 Assess the design effectiveness and operating effectiveness of information security controls which are relied on to protect Confidentiality, Availability, and Integrity of Information and Systemsxc2xb7 Collaborate with stakeholders across Bank and Enterprise to deliver various goals as part of information security program.xc2xb7 Identify, scope, and investigate new information security risks.xc2xb7 Manage the audit and examination requirements for the Bank information security office function, in close partnership with privacy office, compliance, genera council and border information security organization.xc2xb7 Craft responses to Information Security audit and examination, regulatory requirements for the market.xc2xb7 Operate as part of the extended Information Security team in support of all security and compliance initiatives.xc2xb7 Provides market specific guidance and consultancy on information security processes, controls, and compliance, and information security risk management.xc2xb7 Provides day-to-day operational management over functional processes and project delivery.xc2xb7 Makes difficult, timely decisions regarding simple and complex business or security issues.xc2xb7 Defines, develops, and implements appropriate metrics for ongoing reporting; take action as required based on trend data.xc2xb7 Designs reporting products, metrics and information that meet the requirements of stakeholders, and regulator can be actioned to drive significant improvements in the environment and performance.xc2xb7 Deliver leadership/regulatory reporting and risk metrics that demonstrate the effectiveness of the program.xc2xb7 Updates plans and programs to changes in the regulatory environment and assist other organizations in doing the same.xc2xb7 Documents current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to handle information security risk and protect data.xc2xb7 Makes strategic recommendations and assists key decision makers with recommendations on the implementation of improved processes, procedures, governance approaches, and compliance matters resulting in enhanced information security.xc2xb7 Participate in Information Security relatedRequired Skills:xc2xb7 About 8 years of Information Security and/or Data Privacy experiencexc2xb7 Experience working with regulators like RBI, UIDAI, IDBRT in complex regulated payments industry.xc2xb7 Broad understanding of information security disciplines with emphasis on vulnerability management, data protection, infrastructure security, application security, identity and access, incident management and data analyticsxc2xb7 Strong in risk management. Ability to link threats to risk tolerance and control effectiveness measurements.xc2xb7 Understanding of cyber regulatory landscapeRequired Work Experience, Education, Certification / Training:

• Bachelorxe2x80x99s degree in computer science, information systems, network security or other related field. Masterxe2x80x99s degree preferred.
• Professional certifications (CISSP, CRISC, CISA, PCI, CISM or equivalent)
• At least 5 yearsxe2x80x99 work experience in information security or technology risk management
• Technical background with hands-on experience across a variety of technologies
• Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)

Required Knowledge, Skills and Abilities:

• Exceptional verbal and written communication skills
• Requires knowledge of a minimum of several business and technical functional capabilities in some of the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; cloud security; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance
• Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques.
• Knowledge of applicable information security standards and regulatory requirements
• Highly self-motivated and directed.
• Keen attention to detail

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

American Express