Information Security Manager jobs in Phoenix, AZ

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. Amex offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.

How will you make an impact in this role?

Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future. 

The ideal candidate for this position will have strong technical and project management skills, including knowledge of Technology Risk and Information Security principles. The successful candidate will focus on facilitating the reduction of risk to the AXP environment through positive partnerships and effective communications. 

This candidate will be responsible for communicating information to regulators and leaders while partnering with internal teams to facilitate successful compliance exercises across multiple IT & IS domains. The successful candidate will also demonstrate self-motivation and flexibility in running tests/scans, generating artifacts, managing projects, and providing support to the team as needed.

This position demands a well-organized, committed teammate with the ability to prioritize daily work, change directions quickly, and work on multiple projects simultaneously. Excellent presentational, written, and verbal communication required.

Key Responsibilities

This role is primarily focused on reducing risk to AXP and associated entities through orchestration of Governance / Compliance activities, including international regulatory standards and requirements. This role involves working with various internal and external entities. The successful candidate will be responsible for driving requirements involving multiple business units and domains to be delivered within set timelines to uphold business goals.

The successful candidates’ ongoing responsibilities will include:

• Participate as a key team member on compliance projects responsible for assisting with annual planning and owning core tasks on successive assignments.
• Being a great partner with industry stakeholders, external & internal regulators, internal application, server support, and IS teams, as well as legal partners.
• Present project objectives, scope, and results to senior management, clearly articulating the potential impact of control gaps in a highly professional and proficient manner.
• Handling and facilitating the execution and assimilation of evidence, scans, and other artifacts.
• Scan, report, and track identified risks/vulnerabilities and produce detailed reports or assessments.
• Assist with response efforts to implement process improvements in response to findings and recommendations from regulators, internal and external Quality Assessment Reviews, maturity assessments, and first- and second-line business partner recommendations.
• Validate that actions or decisions taken to address risks are appropriate and report appropriately.
• Frequent collaboration and communication with key stakeholders including vendor partners, regulators, internal/partner groups, and audit teams.
• Assist collaborators in achieving objectives / requests and producing quality results on time. Responsibilities include but are not limited to collecting, consolidating, reconciling, and analyzing large data sets and artifacts.
• Look for creative, alternate solutions to promote and support consistency, streamlining, or automation opportunities.
• Organize and facilitate meetings with regulators and internal collaborators /teams- develop objectives, set the agenda, and generate content.
• Assist regional/BU technical personnel and COE’s by providing guidance and support for prioritization, recommendations, and implementation of security standard methodologies, patch and configuration management, and reporting related topics.
• Ensure effective and efficient execution of assigned project tasks in conformance with professional and department standards, timelines, and objectives.
• Drive analytical insights and reporting working with internal teams/customers and deliver value for business.
• Create high quality and executive-ready documentation and presentations.

Minimum Qualifications

• 3 years relevant experience with compliance/risk management in Information Security/IT or similar relevant experience with compliance programs, critical initiatives, regulatory reviews, risk assessments, and certifications.
• Previous project/program management experience required.
• General understanding of IT risk governance methodologies for evaluation of controls, policies, and procedures.
• Experience working with various types of Information Technology SMEs in leading complex and time-sensitive data requests.
• Experience with cultivating and handling day-to-day relationships with various SMEs across an organization.
• Experience working with Verizon’s Cyber Risk Programs and/or PCI DSS would be a PLUS.
• Prior experience using vulnerability scanners and/or automated ticketing systems preferred.
• Experience with technology control testing including interface inputs, reports, application security, business continuity and third parties.
• Proven ability to lead and manage multiple projects, including ownership of core tasks, across multiple simultaneous or successive assignments.
• Demonstrated track record of integrity, innovation, and excellence.
• Ability to travel if needed for onsite reviews (<5% of the time).

Preferred Characteristics

• Diligent with experience in facilitating, documenting, and optimizing business processes with auditable controls.
• Ability to break-down a complex problem into addressable components, ideate solutions, and present the results/recommendations effectively to leaders and regulators with transparency and integrity.
• Effectively work independently, within a team and across teams in a fast-paced environment to drive business results; applying related project management skills, employing creative thinking, and the ability to work on challenging priorities.
• Highly organized, with a strong attention to detail and the ability to plan, prioritize, juggle multiple work streams, and ensure completion through coordination and follow-up.
• Self-starter with high degree of personal accountability, ability to work independently, and navigate between cross-functional internal and external groups.
• Flexible approach and ability to ‘think outside the box’.
• Ability to effectively handle multiple challenging priorities and pivot quickly in an ever-changing environment.
• Ability to lead change in a dynamic environment and influence others without direct authority.
• Strong communication, presentation, and interpersonal relationship management skills dealing with multiple collaborators / partners and leaders.
• Flexibility and enthusiasm to take special projects and collaborate to drive success for the team.
• Ability to collect, comprehend and communicate complex technical details, policies and procedures and adjust the message accordingly based on the audience.
• Able to work with Senior Leadership and explain the program requirements.
• Excellent time management skills

Salary Range: $110,000.00 to $190,000.00 annually bonus benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries 
• Bonus incentives 
• 6% Company Match on retirement savings plan 
• Free financial coaching and financial well-being support 
• Comprehensive medical, dental, vision, life insurance, and disability benefits 
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
• 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy 
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
• Free and confidential counseling support through our Healthy Minds program 
• Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers/Employees - Click here to view the “Know Your Rights” poster and the Pay Transparency Policy Statement.

If the links do not work, please copy and paste the following URLs in a new browser window: https://www.dol.gov/agencies/ofccp/posters to access the three posters.