At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

 

How will you make an impact in this role?

The Manager – Tech Risk and Control function resides within the Regional Information Security Office and is responsible for control enforcement, cybersecurity awareness, reporting and enablement for American Express in Australia and New Zealand. The incumbent will be responsible for helping design and execute a regionalized information security risk management strategy closely informed by the APAC regulatory landscape and AXP business interests, including third party service providers, affiliates, and legal entities.

 

Key responsibilities include:

Assist with the interconnection between core enterprise information security functions and American Express Asia-pacific legal entitiesContribute to the first line information security risk management and reportingAssess the design and operating effectiveness of information security controls upon which the American Express Asia-pacific legal entities rely to protect Confidentiality, Availability, and Integrity of Information and SystemsCollaborate with General Counsel, Market Compliance, and the American Express Privacy Office to support market regulatory requirementsLead the information security related aspects of regulatory changes and projectsIdentify, scope, and investigate new information security risks, including assisting with assessment of key American Express third-party providers in the regionDeliver leadership reporting and risk metrics that demonstrate the effectiveness of the cyber security program to American Express Asia-pacific legal entities.Consult on market-specific Business & Technologies projects to ensure appropriate security protectionCraft responses to Information Security audit and examination requirements for the marketOperate as part of the extended Information Security team in support of all security and compliance initiativesCollaborate with global teams to publish market specific Information Security KPIs/KRIsParticipate in represent regional information security office in APAC risk committees

 

Required Skills:

5-10 years of Information Security and/or Data PrivacyExperience working with regulators, such as METI, in complex regulated businessesBroad understanding of information security disciplines with emphasis on vulnerability management, data protection, infrastructure security, application security, identity and access, incident management and data analyticsStrong in risk management. Ability to link threats to risk tolerance and control effectiveness measurements.Understanding of cyber regulatory landscape

 

Required Work Experience, Education, Certification / Training:

Bachelor’s degree in computer science, information systems, network security or other related field. Master’s degree preferredProfessional certifications (CISSP, CRISC, CISA, PCI, CISM or equivalent)At least 5 years’ work experience in information security or technology risk managementTechnical background with hands-on experience across a variety of technologiesProficiency in information security, risk management and audit (risk/security policies, procedures and controls)

 

Required Knowledge, Skills and Abilities:

Exceptional verbal and written communication skillsAbility to lead and drive discussions on technical matter with senior business stakeholders along with partners and regulatorsFluency English languageRequires knowledge of a minimum of several business and technical functional capabilities in some of the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; cloud security; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and complianceStrong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniquesKnowledge of applicable information security standards and regulatory requirementsHighly self-motivated and directedKeen attention to detail

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.