Information Security Manager

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

Actively provides people-leadership, deep technical knowledge and contributes to teams of information security experts. Craft processes that effectively protect the enterprise and the related management of regulatory/compliance and other guidance and leading a team of information security experts. Provides consultation and strategic recommendations to internal business partners, customers and vendors in assessing secure business solutions and mitigating controls to protect corporate intellectual capital and other sensitive data. 

How will you make an impact in this role?

American Express is on an exciting Cloud transformation led by a high-energy, delivery-focused team delivering security as code and integration to enable on-premise equivalent security models for cloud workloads.  The Cloud Security Engineering group builds and delivers technology which enables shift left security integration through partnership and collaboration across Technology Risk and Information Security, as well as multiple Technology teams.  The Information Security Manager (ISM) Cloud Security Engineering will create and mature the  program, design and develop tools to deliver security requirements for the enterprise, and will ensure the success of the American Express journey towards hybrid cloud. The ISM and the team will be accountable for securely enabling the cloud journey through a delivery-based program.

To be successful, you and the team will work very closely with other Technology Risk and Information Security functions, as well as Cloud Security Strategy, Cloud Operations, and many other Technology and non-Technology teams to identify, solution, and deliver security code elements.  You will join a program which aims to drive automation, zero touch, and idempotency through “everything-as-code”. This position demands a well-organized; action-oriented team player with the ability to prioritize daily work; work on multiple initiatives simultaneously;  establish and maintain an outward looking view on new and evolving network edge technologies; and an ability to mature and operate business critical, end-to-end processes and solutions – while ensuring a great colleague user experience.

•  Assist and  Cloud Security Engineering program created to deliver security code elements across private and public multi-cloud ·      
• Provide security and engineering expertise and guidance to the Cloud Programs, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Cloud Application Architecture subprograms.·      
• Collaborate with enterprise architects and SMEs to deliver complete security architecture solutions.·      
• Lead Cloud Security engineering team which designs and develops tools to delivery security requirements for the enterprise.·      
• Develop technical aspects of software development (architecture, design and development of systems) for assigned applications.·      
• Lead a team who delivers hands-on software development, typically spending about 80% of time writing code, APIs, doing proof of concepts and conducting code reviews·      
•  Identify exciting opportunities for adopting new technologies to solve existing needs and predicting future challenges.

Minimum Qualifications

• 4+ years of software development experience using any of the following languages: Java, JavaScript (Node.js), Python, Golang (2+ years). Must have a deep understanding of the language and its ecosystem.·      
• 2+ years of experience in Information Security roles with increase of responsibilities and scope.·      
• 3 years of experience using one or more prominent software frameworks.·      
• Demonstrated experience in a manager-level role.·      
• Experience in microservices architecture is required.·      
•  Understanding of classical or cloud-native design patterns is required.·      
• Experience building and consuming REST or GraphQL  APIs is required.·      
• Experience with Docker, Open Containers Initiative, or similar is required.·      
• Understanding of Cloud Fundamentals, including securing public cloud with data protection controls.·      
• Knowledge of security configuration management, container security, endpoint security and secrets management as they are applied to cloud applications.·      
• Knowledge of network architecture, proxy infrastructure, and programs to support network access and enablement. ·       Demonstrated ability to manage large financial portfolios, specifically managing year-over-year budget for BAU operations, new investments and contract renewals. 
• Experience with multiple Information Security domains, such as Infrastructure Vulnerability, Data Loss Prevention, End User Security, Network Security, Internet Security, Identity & Access Management, etc.

Preferred Qualifications

•  Bachelor’s Degree in computer science, computer engineering, or related field; or equivalent experience is preferred.·      
•  Information Security or Cloud Certification preferred - CISSP, CISM, CCSP or similar.·      
• Cloud Engineering or Security Certification preferred – AWS Certified DevOps Engineer, AWS Certified Security, GCP Cloud DevOps Engineer, GCP Cloud Security Engineer or similar

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries 
• Bonus incentives 
• Support for financial-well-being and retirement 
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) 
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
• Generous paid parental leave policies (depending on your location) 
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
• Free and confidential counseling support through our Healthy Minds program 
• Career development and training opportunities

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.  

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.