Information Security Analyst I

You Lead the Way. We've Got Your Back.
With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you'll learn and grow as we help you create a career journey that's unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.
At American Express, you'll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company's success. Together, we'll win as a team, striving to uphold our company values and powerful backing promise to provide the world's best customer experience every day. And we'll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.
Join Team Amex and let's lead the way together.
The AmexThird PartySecurityStrategy&Governanceteamis responsible forcreating, developing, andmanaging the American Expressthird-partycyber riskstrategic initiatives,third party securityroadmap, and definingthird partycyber risk requirementsbased on internal American Expressinformationsecurity standards and regulatory requirements. The teamadvises internalBusiness partnerson third party cyber threats, works with General Counsel toensureInformationSecurity contractual rights with third parties,anddriveskey program initiatives throughreporting and metrics.The team alsopartners with internalandexternal stakeholders to createinnovative technologiesthatsupportthird party cyber risk monitoring and processesautomation.
Reporting to the Director ofThird PartySecurity Strategy & Governance,thisrolewilllead strategicthird partycyber riskinitiatives, build&maintaina robustthird partycyber riskoperating model,and drive overall program compliance through reporting on associated cyber risk metrics while providing consultancy services to internal stakeholders.

Primary Job Responsibilities
Identifyand drive opportunities for maturing the Amex third party cyber risk program
Drive the evolution of key risk metricsto effectively measure third party cyber health across Business portfolios and thousands of Amex third parties 
Managesan evolvingreporting framework,generates metrics onthird partycyberrisk,anddeliversmeaningfulreportsto leadership across Business units and market areas, risk management committees, and other internal stakeholders. Evaluatesthird partyadherence to program andidentifyopportunities and best practices to influence alignment with risk appetite
Partners with internal stakeholders to develop, improve, & document processes, and ensure thatProgram meetsglobal regulatory requirements for third party information security risk
Developstraining materials, process flows, andcommunication plansforsocializing effortsto support execution of the Program across the organizationDocuments requirements as needed for the development and improvement of supporting technology products, tools, automation scripts, and internally developed applications
Assistin managingthethird-partycyber risk strategic roadmap and portfolio
Provides subject matterexpertisetointernal Businessstakeholders

Qualifications
Proven success at drivingthought-provoking strategic initiatives from vision to execution
Must be able toidentifyproactive opportunities for improvement&efficiencies andtoarticulate plansrequiredto reach objectives
Experience with matrix organizations consisting of multi-functional teams and experience in driving complex, large-scale change efforts
Well-organized,action-oriented team player with the ability to prioritize daily work,work on multiple initiatives simultaneously,and deliver mature solutions
Must pay strong attention to detail anddemonstrateanatural disposition to diagnose issues, mediate differing opinions, and converge on solutions

Technical Skills & Requirements
3-5years of experiencein third party cyber risk managementwith demonstrable knowledge ofrelatedtopicssuch asinformation securityrisk assessment, common due diligence requirements, andthird partyoversightpractices
Familiaritywith treatmentof third parties as it relates to cyber security oversight, riskrankingdetermination, and gap remediation processes
Aproven record of accomplishment delivering data driven solutions with a customer-first mindset
Strongunderstanding ofinformation security risks and threats, including concepts of vulnerability management,what information or assets are of value to threat actors,and how organizations and data are breached, including through relationships with external third parties
Familiarity with industry standard control frameworks, security assurance auditing standards, best practices guidelines, andthird partyregulatoryrequirements,such as ISO27001, NIST CSF,SSAE16/18, CSA, CIS Top 20, OWASP Top 10,FFIEC,etc.
Understanding of modern security controlsincludingvulnerability scanning, penetration testing, encryption, anti-malware protection, network security, andDLP
Must have agood balance ofrisk managementexpertise,technical knowledge,and business acumen
Superior analytical skills – both quantitative and qualitative – coupled with an ability to assess a situation without always having the full picture
Ability to drive cross functional initiativeswith aworking knowledge ofproject management practices and governance
Must have excellent written andcommunications skills

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:
Competitive base salaries 
Bonus incentives 
Support for financial-well-being and retirement 
Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) 
Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
Generous paid parental leave policies (depending on your location) 
Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
Free and confidential counseling support through our Healthy Minds program 
Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.  
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.