Information Security Analyst I

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

The Information Security Analyst function resides within the Regional Information Security Office and is responsible for control enforcement, cybersecurity awareness, reporting and enablement for American Express Banking Corp. The incumbent will be responsible for helping design and execute an information security risk management program in line with business strategy and regulatory requirements.

Key responsibilities include:

• Contribute to the first line information security risk management and reporting.
• Assess the design effectiveness and operating effectiveness of information security controls which are relied on to protect Confidentiality, Availability, and Integrity of Information and Systems
• Collaborate with stakeholders across Bank and Enterprise to deliver various goals as part of information security program.
• Prepares status reports on information security, or other matters to help develop, track, monitor and report on projects and initiatives.
• Consults on controls, processes, and procedures.
• Facilitates meetings to capture and document products/services or generic process changes.
• Deliver leadership/regulatory reporting and risk metrics that demonstrate the effectiveness of the program at Bank level.
• Identify and support information security regulatory changes and monitor implementation.
• Maintains internal documentation library, ensuring that process and other documentation is regularly updated to reflect the latest operational processes and requirements.
• Support the audit and examination requirements for the regional information security office function, in close partnership with privacy office, compliance, genera council and border information security organization.
• Craft responses to Information Security audit and examination requirements for the market - Operate as part of the extended Information Security team in support of all security and compliance initiatives.
  
  

Required Skills:

• Experience working with regulators like Indian and Asia pacific regulators in complex regulated payments industry.
• Broad understanding of information security disciplines with emphasis on vulnerability management, data protection, infrastructure security, application security, identity and access, incident management and data analytics
• Strong in risk management. Ability to link threats to risk tolerance and control effectiveness measurements.
• Understanding of cyber regulatory landscape
  
  

Required Work Experience, Education, Certification / Training:

• Bachelor’s degree in computer science, information systems, network security or other related field. Master’s degree preferred.
• Professional certifications (CISSP, CRISC, CISA, PCI, CISM or equivalent)
• Around 5 years’ work experience in information security or technology risk management
• Technical background with hands-on experience across a variety of technologies
• Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)
  
  

Required Knowledge, Skills, and Abilities:

• Exceptional verbal and written communication skills
• Strong work prioritization, planning, and interpersonal skills
• Knowledge or awareness in information security, compliance, assurance, and/or other security standard methodologies and principles
• Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques.
• Knowledge of applicable information security standards and regulatory requirements
• Highly self-motivated and directed.
• Keen attention to detail
  
  

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities
  
  

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.