American Express - Service Delivery Leader - Information Security Risk Processes

Job Description: This position's primary focus is on the information security risk processes within the Third Party Lifecycle Management (TLM) program that are designed to assess third party risk. It includes providing IT risk and information security guidance, consultation and strategic recommendations to internal business partners and third parties to protect AXP corporate intellectual capital and other sensitive data.

- Responsible for providing consultation and service to business units, individuals and teams on information security (IS)

- Responsible for providing education and awareness to internal business units, team members and leaders as required

- Works individually as well as part of a team on both structured and unstructured assignments

- Defines and develops appropriate risk measures for ongoing reporting of program effectiveness

- Maintains Quality Assurance (QA) processes and governance over those processes

- Manages a portfolio of third party vendors with one or several business point of contacts to ensure integration of third party requirements and to track and review third party deliverables.

- Makes recommendations and assists in the implementation of changes to strengthen processes, procedures and compliance resulting in enhanced IS controls or reduced IS risk

- Takes personal accountability to support the strategic direction of the program and organization, by identifying opportunities to improve the TLM program

- Collaborate with peers in TLM within other 3rd party functional risk areas

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Qualifications:

- Overall 6 year of experience with 2 years or more experience in information security consulting or quality auditing, or a similar field.

- Exposure with IT risk issues or technical environments and ability to understand information security controls and processes a plus.

- Strong communication and influencing skills.

- Information Security certifications (e.g. ISO, CISSP, CISM or CISA) preferred but not mandatory.

- Ability to work in a matrix environment.

- Experience working with auditors and regulators.

- Superior skill in organizing, managing and interpreting data.

- Excellent time management skills, and the ability to prioritize and multi-task.

- Service-Oriented perspective.

- Experience with program management, process creation, QA, and implementation.

#NOLI