Information Security Specialist

Full Time
Salt Lake City, UT
Areas of Interest: Vulnerability Assessment and Management
report a problem
Overview


Challenge Every Day
 
The position, located in Phoenix, is part of the Global Risk, Banking & Compliance organization and reports to the Director, Independent Risk - Information Security and Information Technology Oversight. Strong information technology and information security programs are key contributors to loyalty, trust, customer experience, and the American Express brand. Properly assessing, managing, and overseeing global information technology and information security risk is critical to the Company’s business.
 
The successful candidate will have deep information security and information technology expertise, including industry knowledge and awareness of emerging technologies which impact cyber security. The position requires a demonstrated ability to manage information security and information technology risk, and is a team player who is comfortable working across a range of functions including compliance, legal, operational excellence, privacy, risk oversight, and many other partners to promote best information security throughout the enterprise.
 
The successful candidate will also have demonstrated the ability to assess information security and information technology risk and can provide strong subject matter expertise on current controls and processes.  The role will work to improve risk management and control strength by providing independent assessment of, and effective challenge to, key components of the information security and information technology program through process evaluation, reviews and ongoing monitoring.
 
Responsibilities:
  1. Conduct independent risk assessment of the information security and information technology programs and provide effective challenge to the design and execution of technical and procedural controls.
  2. Provide strong subject matter expertise in the areas of software development, threat and vulnerability management and other technical domains as required.
  3. Provide periodic updates, reports, and recommendations regarding best practice information security and information technology controls, risk assessment and risk remediation strategies
  4. Actively evaluate and monitor information security and information technology controls.
  5. Contribute to the annual risk assessment and benchmark and coordinate risk-based investigations of controls.
  6. Conduct industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps.
  7. Support the development of information security and information technology metrics (e.g. KRIs and KPIs) to continuously monitor and oversee program level risks.

Qualifications

  1. Minimum three years of operational experience in one of the following technical domains:  Software development and DevOps, threat & vulnerability management, incident response, network administration, server administration.
  2. Demonstrated knowledge and experience in designing security controls for software application systems, hardware configuration, and network architecture in an enterprise.
  3. Demonstrated knowledge of identifying security risks in the software development processes and code promotion procedures, and defining control measures to mitigate the impact of potential threats.
  4. Risk assessment experience is preferred, particularly in a financial services or highly regulated environment.
  5. Strong verbal and written communication skills and excellent relationship building skills
  6. Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field (or equivalent work experience).  Advanced degree preferred.
  7. Technical certification is preferred (e.g. CCNP, MCSE, C|EH, GCFE, etc.)
  8. Working knowledge of framework standards for IS & IT (OWASP, NIST, MITRE, etc.) preferred.
  9. Strong attention to detail.
 
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

ReqID: 17010910
Schedule (Full-Time/Part-Time): Full-time



Share this job:

American Express

American Express is a global service company, providing customers with exceptional access to products, insights and experiences that enrich lives and build business success.

Each day, American Express makes it easier, safer and more rewarding for consumers and businesses to purchase the things they need and for merchants to sell their goods and services. An engine of commerce, American Express provides innovative payment, travel and expense management solutions for individuals and businesses of all sizes. Most of all, we help our customers realize their dreams and aspirations through industry-leading benefits, access to unique experiences, business-building insights, and global customer care. We enable our customers to do and achieve more.

Specialties
Financial Services, Business Travel, Corporate Card, Network Services, Merchants Services
Visit American Express's Social Media pages:
Company Industry: Financial Services
Company Type: Public Company
Company Size: 10,001+