Information Security Analyst-Third Party Security Strategy & Governance

You Lead the Way. We've Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you'll learn and grow as we help you create a career journey that's unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you'll be recognized for your contributions, leadership, and impact-every colleague has the opportunity to share in the company's success. Together, we'll win as a team, striving to uphold our company values and powerful backing promise to provide the world's best customer experience every day. And we'll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers' digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.

The Amex Third Party Security Strategy & Governance team is responsible for creating, developing, and managing the American Express third-party cyber risk strategic initiatives, third party security roadmap, and defining third party cyber risk requirements based on internal American Express information security standards and regulatory requirements. The team advises internal Business partners on third party cyber threats, works with General Counsel to ensure Information Security contractual rights with third parties, and drives key program initiatives through reporting and metrics. The team also partners with internal and external stakeholders to create innovative technologies that support third party cyber risk monitoring and processes automation.

How Will you make an impact in this role?

Reporting to the Director of Third-Party Security Strategy & Governance, this role will lead strategic third party cyber risk initiatives, build & maintain a robust third party cyber risk operating model, and drive overall program compliance through reporting on associated cyber risk metrics while providing consultancy services to internal stakeholders.

Primary Job Responsibilities

• Identify and drive opportunities for maturing the Amex third party cyber risk program
• Drive the evolution of key risk metrics to effectively measure third party cyber health across Business portfolios and thousands of Amex third parties
• Manages an evolving reporting framework, generates metrics on third party cyber risk, and delivers meaningful reports to leadership across Business units and market areas, risk management committees, and other internal stakeholders. Evaluates third party adherence to program and identify opportunities and best practices to influence alignment with risk appetite
• Partners with internal stakeholders to develop, improve, & document processes, and ensure that Program meets global regulatory requirements for third party information security risk
• Develops training materials, process flows, and communication plans for socializing efforts to support execution of the Program across the organization
• Documents requirements as needed for the development and improvement of supporting technology products, tools, automation scripts, and internally developed applications
• Assist in managing the third-party cyber risk strategic roadmap and portfolio
• Provides subject matter expertise to internal Business stakeholders

Qualifications

• Proven success at driving thought-provoking strategic initiatives from vision to execution
• Must be able to identify proactive opportunities for improvement & efficiencies and to articulate plans required to reach objectives
• Experience with matrix organizations consisting of multi-functional teams and experience in driving complex, large-scale change efforts
• Well-organized, action-oriented team player with the ability to prioritize daily work, work on multiple initiatives simultaneously, and deliver mature solutions
• Must pay strong attention to detail and demonstrate a natural disposition to diagnose issues, mediate differing opinions, and converge on solutions

Technical Skills & Requirements

• 3-5 years of experience in third party cyber risk management with demonstrable knowledge of related topics such as information security risk assessment, common due diligence requirements, and third-party oversight practices
• Familiarity with treatment of third parties as it relates to cyber security oversight, risk ranking determination, and gap remediation processes
• A proven record of accomplishment delivering data driven solutions with a customer-first mindset
• Strong understanding of information security risks and threats, including concepts of vulnerability management, what information or assets are of value to threat actors, and how organizations and data are breached, including through relationships with external third parties
• Familiarity with industry standard control frameworks, security assurance auditing standards, best practices guidelines, and third party regulatory requirements, such as ISO27001, NIST CSF, SSAE16/18, CSA, CIS Top 20, OWASP Top 10, FFIEC, etc.
• Understanding of modern security controls including vulnerability scanning, penetration testing, encryption, anti-malware protection, network security, and DLP
• Must have a good balance of risk management expertise, technical knowledge, and business acumen
• Superior analytical skills - both quantitative and qualitative - coupled with an ability to assess a situation without always having the full picture
• Ability to drive cross functional initiatives with a working knowledge of project management practices and governance
• Must have excellent written and communications skills

Qualifications

Salary Range: $85,000.00 to $150,000.00 annually + bonus + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• 6% Company Match on retirement savings plan
• Free financial coaching and financial well-being support
• Comprehensive medical, dental, vision, life insurance, and disability benefits
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers/Employees - Click here to view the "Know Your Rights" poster and the Pay Transparency Policy Statement.

If the links do not work, please copy and paste the following URLs in a new browser window: https://www.dol.gov/agencies/ofccp/posters to access the three posters.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.