Information Security Analyst-Remote OR Hybrid

Job Expired

About the job

You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible — and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

From building next-generation apps and microservices in Kotlin to using AI to help protect our customers from fraud, you could be doing transformational work that brings our iconic, global brand into the future. As a part of our tech team, we could work together to bring ground-breaking and diverse ideas to life that power the digital systems, services, products and platforms that millions of customers around the world depend on. If you love to work with APIs, contribute to open source, or use the latest technologies, we’ll support you with an open environment and learning culture to grow your career.

Focus:

Responsible for assisting with activities designed to systematically handle information security, such as security assurance, project oversight, including developing standard methodologies for information security standards and handling IT controls and compliance with regulatory guidance. As a member of the Database Vulnerability Management program within Infrastructure Security, primary focus will be the solutioning and day-to-day operation of vulnerability management activities.

Organizational Context:

Works with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls, compliance and information security risk management. Works individually and with teams on both structured and unstructured assignments.

How will you make an impact in this role?

  • Assists in developing, implementing and monitoring compliance to AXP and Information security policies, standards and procedures, and other policies and standards as appropriate
  • Implements security policies by administering and monitoring profiles, reviewing violation reports and investigating possible exceptions; document controls
  • Prepares materials (reports, presentations, spreadsheets, etc) on information security to help develop scenarios, response procedures, and to enable informed decision-making; verify completeness, accuracy and relevance of data captured
  • Utilizes tools and documented processes to ensure consistency and optimization of information security processes; work in support of efforts to measure and improve information security processes
  • Prepares status reports on information security, or other matters to help develop, track, monitor and report on projects and initiatives
  • Consults on controls, processes, and procedures
  • Facilitates meetings to capture and document products/services or generic process changes
  • Maintains internal documentation library, ensuring that process and other documentation is regularly updated to reflect the latest operational processes and requirements
  • Provides root cause analysis assistance for incident management or postimplementation efforts
  • Provides analytical support as needed for issue management, project assessments, and reporting
  • Participates in the evaluation of products and/or procedures to improve productivity and effectiveness
  • Supports the analysis of underlying trends and action plans associated with information security and other domains
  • Maintains records to allow for historical trending analysis

Range of Impact/Influence

  • Accountable for ensuring security standard methodologies, policies, and procedures are implemented and adhered to

It’s more than protecting systems and data. It’s protecting people. Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future. So if you are dedicated to the latest technology and motivating others, secure your career here. You won’t just see the problem coming, you’ll see the solution. New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing: – Providing guidance on information security processes, controls, and compliance, and information security risk management to team members – Encouraging employee contribution, such as feedback, career development planning, and goal setting. – Developing plans and strategies for infor

  • In-depth knowledge of cyber threats along with common security controls, detection capabilities, and other practices / solutions for securing digital environments. Including packet flows / TCP & UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection/prevention systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
  • Experience in analyzing malware / hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions.
  • Understanding of what information or assets are of value to threat actors and how organizations are breached.
  • In-depth understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies).
  • Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Can apply a variety of structured analytic techniques to generate and test a hypothesis, assess cause and effect, challenge analysis, and support decision making.

EDUCATION CERTIFICATION

  • Bachelor’s degree or equivalent combination of education and experience preferred.

REQ# 22006855

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.

We back our colleagues with the support they need to thrive, professionally and personally. That’s why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

If the role you are applying for is designated as hybrid or onsite, you will be required to demonstrate that you have completed your primary COVID-19 vaccination series (i.e. 2 doses for Moderna/Pfizer and 1 dose for J&J) and, for medically eligible* colleagues, a booster shot, in order to work in or visit any of our offices. This requirement is subject to legally required accommodations.

  • Booster eligibility: The CDC has established guidelines for when adults are eligible to receive booster shots depending on when they completed their initial vaccine series (currently five months after the Pfizer-BioNTech and Moderna vaccines, and two months after the J&J Vaccine). If you have completed your primary vaccine series but have not yet reached your booster eligibility date, you will be able to come into the office; however, you will need to complete your booster within 30 days of becoming eligible to continue coming in and participating in company-sponsored in-person events.

US Job Seekers/Employees – Click here to view the “EEO is the Law” poster and supplement and the Pay Transparency Policy Statement.

If the links do not work, please copy and paste the following URLs in a new browser window: https://www.dol.gov/agencies/ofccp/posters to access the three posters.

More Information

  • This job has expired!
Share this job

13th Anniversary Global InfoSec Awards for 2025 now open for early bird packages! Winners Announced during RSAC 2025...

X