Information Security Manager - Enterprise Data Risk Management

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other.

Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact every colleague has the opportunity to share in the company’s success.

Together, we’ll win as a team, striving to uphold our and powerful backing promise to provide the world’s best customer experience every day.

And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives.

Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems.

American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source.

And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development.

Find your place in technology on #TeamAmex.

American Express relies on and is entrusted with information from customers, merchants, colleagues, and third parties. As such, the Company aims to safeguard the confidentiality, integrity, and availability of this information.

The new Enterprise Data Governance Program aims to focus on the reliability of trusted data for the most critical use cases such as Risk Models, Financial Reporting, and Customer Profile, which pose the highest operational risks if using unmanaged data.

The Data Risk Management Team within the Technology Risk & Information Security (TRIS) organization is critical to the elevation of technology and data risk by embedding and centralizing Technical & Business Data Architecture into core data life cycle activities, expand Data Governance Operating Model beyond highest risk data, and centralize processes and tooling across all critical domains.

Responsibilities :

• Manage processes for continuous data risk monitoring, notification, remediation, and reporting.
• Report on data element KRIs, effective controls, and metrics for reporting current and emerging risks to senior leadership, internal audit, and regulatory examiners.
• Lead continuous improvement of data risk management processes, strategies, and industry trends to enhance data security best practices.
• Liaise across business units and technology teams to reduce data risk through reviews of applications, platforms, and process.
• Maintain policy, control, and tooling linkages with data risk management, privacy, and other stakeholders.
• Contribute to a culture of data security best practices through enhancements to key technology operational risk programs, policies, standards, reporting, training, and awareness.
• Evaluate the risks and benefits of AI on data risk management monitoring and governance.

Qualifications :

• 5+ years of relevant professional work experience in Information Security and Technology Risk Management
• Information Security or Technology Risk Management experience
• Broad understanding of information security disciplines with emphasis on resiliency, data protection, identity and access, incident management, risk management, and data analytics
• Understanding of regulatory landscape while able to link threats to risk tolerance and control efficiency measures
• Proven ability in extending and maintaining strong relationships in a complex multi-national corporation
• Ability to translate technical cyber security concepts to non-technical business leaders and influence in a matrix environment
• Initiative and energy to go beyond minimum requirements of effort and activity; a bias for action and for getting things done
• Strong problem solver with the ability to use analytical methods to affect change
• Prior experience in data governance, data risk management, data compliance, or enterprise data transformation programs preferred

Educational Requirements :

• Bachelor’s Degree in related field.
• CISM, CISA, CRISC, CISSP or equivalent privacy certifications preferred

Salary Range : $110,000.00 to $190,000.00 annually + bonus + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include :

• Competitive base salaries
• Bonus incentives
• 6% Company Match on retirement savings plan
• Free financial coaching and financial well-being support
• Comprehensive medical, dental, vision, life insurance, and disability benefits
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities
30+ days ago