Director Information Security

Phoenix, AZ, United States

American Express Director Information Security Phoenix , Arizona Apply Now With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.

The Director of IAM (Identity and Access Management) Audit, Controls, and Metrics is responsible for leading a team of dedicated and experienced Information Security Professionals in ensuring that IAM controls are measured, tested, and documented such that auditors and regulators gain assurance in the effectiveness of those controls.

Organizational Context

Reports to the VP, Identity Lifecycle Management. Is one of 5 Directors in the organization. Works across TRIS organizations, Privacy, Enterprise Data Governance, hosting platform teams to meet business, security, risk and compliance objectives for a Category 2 bank. The IAM Audit, Controls and Metrics team is comprised of 10 colleagues and 1 contractor that include Information Security Specialists, Information Security Analysts, and Information Security Managers.

Responsibilities:

Constantly reviews IAM controls (i.e. joiner, leaver, review) to ensure the correct metrics and measurements are in place that proves the effectiveness of those controls.

Takes the lead in ensuring IAM responds in a timely and accurate manner to all related audit and regulator inquiries. These inquiries include, but not limited to, requests from internal auditors, 3rd party auditors, and government regulators.

Establish a threat modelling approach in reviewing IAM controls such that AXP can make value driven decisions around investments in IAM controls.

As the volume of auditor and regulator requests exceeds the capacity of any one individual, the Director of IAM Audit, Controls and Metrics, must coach and continually develop a team of Information Security Professionals not just the through the response to regulator requests but the design of metrics and reports such that future requests are continually ready for inquiries.

Leverage a data driven approach to assist auditors and regulators in an understanding of perceived risks vs. AXP’s defence in depth approach that mitigates those risks.

Enhance the control environment at American Express through close partnership with Operational Risk Governance Group, Fortify the Controls Environment (FCE), Compliance, Issue Management and other Technology Risk leaders

Lead the continual evolution of IAM Policies and Standards as risks evolve and controls mature.

Ensure appropriate control ratings and compliance outcomes are achieved.

Partner with the Operational Excellence Operational Risk Events (ORE) and Customer Action Plans (CAP) to link events/CAPs to appropriate Process Risk Self-Assessment (PRSA).

Required Qualifications:

8 years of relevant professional work experience in Operational Risk Management with experience in Information Security and Technology Risk Management

Deep knowledge of compliance, risk management and internal IT control frameworks

Deep understanding of IAM especially in evolving areas such as Identity Governance Administration (IGA), Privilege Access Management (PAM), Cloud Identity and Access Management, and more.

Broad understanding of information security subject areas with emphasis on incident management, risk management, and data analytics

Understanding of regulatory landscape while able to link threats to risk tolerance and control efficiency measures

Proven ability in extending and maintaining strong relationships in a complex multi-national corporation

Knowledge/experience with GRC tools (preferably Archer) inclusive of reporting.

Ability to conceptualize complex control relationships and develop rigor in control development, design and testing practices

Ability to translate technical cyber security concepts to non-technical business leaders and influence in a matrix environment

Calm and decisive under pressure with strong operational leadership in stressful situations

Ability to prioritize actions for the benefit of the organization to remain focused on most critical issues

Initiative and energy to go beyond minimum requirements of effort and activity; a bias for action and for getting things done

Strong problem solver with the ability to use analytical methods to affect change

Educational Requirements:

Bachelor's degree in information assurance, accounting, computer science or related field. Master's degree Preferred.

CPA, CISM, CISA, CRISC, or CISSP or equivalent certification

Qualifications

Salary Range: $170,000.00 to $255,000.00 annually bonus equity (if applicable) benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

6% Company Match on retirement savings plan

Free financial coaching and financial well-being support

Comprehensive medical, dental, vision, life insurance, and disability benefits

Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need

20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy

Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)

Free and confidential counseling support through our Healthy Minds program

Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site .

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers/Employees - Click here to view the “Know Your Rights” poster and the Pay Transparency Policy Statement.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for this position.

#J-18808-Ljbffr