INFORMATION SECURITY MANAGER- TECHNICAL PROJECT/ PROGRAM MANAGEMENT
: Job Details :

DescriptionYou Lead the Way. We ve Got Your Back.With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you ll learn and grow as we help you create a career journey that s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.At American Express, you ll be recognized for your contributions, leadership, and impact every colleague has the opportunity to share in the company s success. Together, we ll win as a team, striving to uphold our company values and powerful backing promise to provide the world s best customer experience every day. And we ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.Join Team Amex and let's lead the way together.As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. Amex offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.How will you make an impact in this role?Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what s next and to protect our business and our future. The ideal candidate for this position will have strong technical and project management skills, including knowledge of Technology Risk and Information Security principles. The successful candidate will focus on facilitating the reduction of risk to the AXP environment through positive partnerships and effective communications. This candidate will be responsible for communicating information to regulators and leaders while partnering with internal teams to facilitate successful compliance exercises across multiple IT & IS domains. The successful candidate will also demonstrate self-motivation and flexibility in running tests/scans, generating artifacts, managing projects, and providing support to the team as needed.This position demands a well-organized, committed teammate with the ability to prioritize daily work, change directions quickly, and work on multiple projects simultaneously. Excellent presentational, written, and verbal communication required.Key ResponsibilitiesThis role is primarily focused on reducing risk to AXP and associated entities through orchestration of Governance / Compliance activities, including international regulatory standards and requirements. This role involves working with various internal and external entities. The successful candidate will be responsible for driving requirements involving multiple business units and domains to be delivered within set timelines to uphold business goals.The successful candidates ongoing responsibilities will include:Participate as a key team member on compliance projects responsible for assisting with annual planning and owning core tasks on successive assignments.Being a great partner with industry stakeholders, external & internal regulators, internal application, server support, and IS teams, as well as legal partners.Present project objectives, scope, and results to senior management, clearly articulating the potential impact of control gaps in a highly professional and proficient manner.Handling and facilitating the execution and assimilation of evidence, scans, and other artifacts.Scan, report, and track identified risks/vulnerabilities and produce detailed reports or assessments.Assist with response efforts to implement process improvements in response to findings and recommendations from regulators, internal and external Quality Assessment Reviews, maturity assessments, and first- and second-line business partner recommendations.Validate that actions or decisions taken to address risks are appropriate and report appropriately.Frequent collaboration and communication with key stakeholders including vendor partners, regulators, internal/partner groups, and audit teams.Assist collaborators in achieving objectives / requests and producing quality results on time. Responsibilities include but are not limited to collecting, consolidating, reconciling, and analyzing large data sets and artifacts.Look for creative, alternate solutions to promote and support consistency, streamlining, or automation opportunities.Organize and facilitate meetings with regulators and internal collaborators /teams- develop objectives, set the agenda, and generate content.Assist regional/BU technical personnel and COE s by providing guidance and support for prioritization, recommendations, and implementation of security standard methodologies, patch and configuration management, and reporting related topics.Ensure effective and efficient execution of assigned project tasks in conformance with professional and department standards, timelines, and objectives.Drive analytical insights and reporting working with internal teams/customers and deliver value for business.Create high quality and executive-ready documentation and presentations.Minimum Qualifications3+ years relevant experience with compliance/risk management in Information Security/IT or similar relevant experience with compliance programs, critical initiatives, regulatory reviews, risk assessments, and certifications.Previous project/program management experience required.General understanding of IT risk governance methodologies for evaluation of controls, policies, and procedures.Experience working with various types of Information Technology SMEs in leading complex and time-sensitive data requests.Experience with cultivating and handling day-to-day relationships with various SMEs across an organization.Experience working with Verizon s Cyber Risk Programs and/or PCI DSS would be a PLUS.Prior experience using vulnerability scanners and/or automated ticketing systems preferred.Experience with technology control testing including interface inputs, reports, application security, business continuity and third parties.Proven ability to lead and manage multiple projects, including ownership of core tasks, across multiple simultaneous or successive assignments.Demonstrated track record of integrity, innovation, and excellence.Ability to travel if needed for onsite reviews (