Job Description

:You Lead the Way. Wexe2x80x99ve Got Your Back.With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, youxe2x80x99ll learn and grow as we help you create a career journey thatxe2x80x99s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.At American Express, youxe2x80x99ll be recognized for your contributions, leadership, and impactxe2x80x94every colleague has the opportunity to share in the companyxe2x80x99s success. Together, wexe2x80x99ll win as a team, striving to uphold our and powerful backing promise to provide the worldxe2x80x99s best customer experience every day. And wexe2x80x99ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.Join Team Amex and let's lead the way together.The Information Security Manager role is part of the third-party security team within Technology Risk & Information Security (TRIS), and is responsible for security control enforcement, awareness, and enablement of American Express standard controls at 3rd party environment.This position, reporting to the Director of Information Security, is responsible for assessing the information security risk associated with Third Parties and facilitating and/or performing information security assessments of those Third Parties. The person in this position will be responsible for managing third party security risk specifically focused on aspects of assessing, monitoring, providing risk expertise on security control domains, process uplift recommendations, and providing professional guidance to key stakeholders of the program on information security aspects.The ideal candidate for this role has an extensive background in risk management / Audit / Information Security. They are dynamic, with the ability to manage a fluctuating workload with competing deadlines. The candidate is highly inquisitive with a healthy dose of cautiousness, has a broad-based perspective and thrives on building a network of internal and external alliances. S/he has highly developed communication skills, excellent time management and an acute attention to detailResponsibilities:

• Partner with the BU to complete third party risk assessments and ensure adherence to program requirements.
• Assist with risk analysis and security posture evaluations of Third Parties to support security assessment activities, including vulnerability threat assessments
• Execute or facilitate execution of information security assessments for in-scope third parties, assess the quality of assessments conducted by External Assessors, define risk ratings as appropriate to the control failures, etc.
• Review and evaluate the security controls of third-party vendors to ensure they align with the AXPxe2x80x99s security standards and explains control requirements to the business colleagues and third parties, as appropriate
• Partner with other colleagues in third party security team in sharing inputs towards third party assessment questionnaires and Guidance documents
• Conduct training and awareness sessions for internal stakeholders on third-party security risks and best practices. Be an Information Security Risk Expert for team and other stakeholders
• Foster strong relationships with Business colleagues and TLM team to promote security best practices and collaboration
• Support with security and compliance initiatives as led by third party security team

Requirements / Qualification:

• Thorough knowledge of information security components, principles, practices, and procedures
• Information security specialist with 8+ years of experience
• A broad understanding of the IT controls and best practices across key risk domains, including risk assessment methodology, application security, network and infrastructure security, Data loss prevention, and incident management is recommended
• Prior experience managing risk assessments; including background in audit, information security, Third Party Risk/Oversight, or other risk control functions
• Strong knowledge of information security frameworks (e.g., NIST, ISO 27001) and regulatory requirements
• Proficiency in risk assessment methodologies and third-party risk management tools
• Attention to Detail: Careful evaluation of vendor security practices and documentation
• Excellent communication, negotiation, and stakeholder management skills, able to effectively communicate at all levels within the organization
• Being flexible and able to adjust to new needs and new technologies, and be comfortable with ambiguity
• Strategic Thinking: Ability to align third-party security with broader organizational objectives
• Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 are preferred

Compliance LanguageWe back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

American Express