Manager-CyberOps & Assurance-Third Party Security Assessments

Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and build a unique career with the Powerful Backing of American Express. With a range of opportunities to work with the latest technologies, and a commitment to back the broader engineering community through open source, our mission is to power your success. Because Amex Tech is powered by our technology, our culture, and our colleagues.

The Technology organization enables and accelerates the company’s growth strategies, delivering global capabilities and services in support of Amex’s customers and colleagues, while maintaining 24/7 servicing and availability to ensure an uninterrupted, high-quality customer experience. Technology provides the foundation for everything we do in the company while driving differentiation through building and leveraging innovative technology and data insights.

At American Express, our mission is to deliver the world’s best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage—empowering you to innovate, grow, and help shape the future of a Fortune 100 company.

Trust. Service. Security.

Security is a top priority for our business, partners and customers. Today, as cyber attacks increase and compliance is more rigorously enforced, we look to the third party security assessments team to stay ahead of what’s next and to protect our business and our future. If you are dedicated to the latest technology and motivating others, secure your career here. 

This position, Manager-CyberOps & Assurance-Third Party Security Assessments, reporting to the Director of Third Party Security Assessments, will be part of a team responsible for performing technical assessments/inspections of the company’s most critically sensitive third parties. The Manager will be responsible for physical and logical inspection of Information Security and Technology controls and publish assessment results. The Manager will issue gaps, provide consultation and validate remediation of gaps. For further tool enhancement, the Manager will also assist in assessment tool development/maintenance using various third party risk management tools. Additionally, there are expectations of working with multiple teams, external assessors, continuous monitoring, risk management and product/tool management to ensure readiness and effective of process and monitoring tools.

Responsibilities Include: 

• Performance of technical physical and logical assessments for in-scope third parties. 
• Contribute to the development and enhancement of current assessment tool capabilities, including AI enablement
• Assist with evaluation, development and maintenance of tools / technologies to support monitoring capabilities
• Perform ongoing tracking and monitoring of progress and assist in management reporting on a periodic basis

• 10+ years of experience in Information Security, and/or Third Party Assessments required
• Demonstrated expertise in Information Security and Third Party Risk
• Intermediate knowledge of GenAI concepts, both for assessment knowledge and internal tool development/maintenance
• Familiarity with secure software development practices
• Expertise in web and mobile application vulnerabilities – detection and mitigation strategies 
• Expertise in DAST and SAST scanning technologies, ethical hacking experience desired but not required
• A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
• Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred
• Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion
• Proven excellent relationship management skills with all levels of the enterprise are required
• Ability to effectively collaborate across teams
• Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders
• Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
• Ability to analyze complex information and identify the most relevant details

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.