Director of Information Security Risk Management - Leading Cybersecurity Risk Initiatives and Team Leadership at American Express
Transform Your Career with American Express: Join Our Team as a Director of Information Security Risk
At American Express, we're not just a company; we're a community that thrives on innovation, diversity, and a relentless pursuit of excellence. With a global presence and a rich history, we're committed to providing the world's best customer experience, backed by our unwavering commitment to integrity, respect, and a culture where everyone feels seen, heard, and valued.
About Us: Global Risk & Compliance (GRC) Group
We're part of the Global Risk & Compliance (GRC) group, the independent risk management organization within American Express, led by the Chief Risk Officer (CRO). Our mission is to ensure the company operates in a safe and sound manner, adhering to global regulatory expectations. As a pivotal member of our team, you'll play a crucial role in overseeing and governing risks, making a meaningful impact on our customers and our business.
Job Overview: Director - Information Security Risk
We're seeking an exceptional leader to join our Cybersecurity, Technology, and Resiliency Risk Oversight (CTRRO) team as a Director of Information Security Risk. This role is a perfect blend of leadership, strategy, and technical expertise, where you'll lead a team of professionals in executing independent risk management activities for assigned cybersecurity processes. You'll also spearhead CTRRO's data and automation capabilities, driving innovation and excellence in our risk management practices.
Key Responsibilities:
- Lead and nurture a global team of four to six direct reports, maintaining performance management and fostering a culture of excellence and innovation.
- Execute risk assessments, monitoring, and reporting over assigned cybersecurity processes, such as vulnerability management, ensuring our risk posture is always ahead of the curve.
- Identify and apply thought leadership, best practices, and emerging trends in cybersecurity risk management, keeping our practices current and effective.
- Lead gap assessments per laws, regulations, and regulatory guidance, as well as industry frameworks and company policies, ensuring compliance and mitigating risks.
- Develop strong working relationships across all levels of the organization, handling and resolving conflicts to achieve results and enact wide-scale impact.
- Lead CTRRO's data strategy, including analysis and creation of risk metrics (KRIs/KPIs), direction of enhancement of the team's GRC modules and capabilities, and building risk dashboards and reporting.
Essential Qualifications:
- A Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Data Science, or a related field.
- Relevant cybersecurity, technology, or risk management certification (CISSP, CCSP, CEH, CISM, etc.), demonstrating your expertise and commitment to the field.
- A minimum of eight years of experience in relevant fields such as technology audit, risk, cybersecurity, or information technology, with at least 3 years of leadership experience.
- Prior experience in creating or directing the development of automation capabilities, GRC tools, big data platforms, KRIs/KPIs, and applying cybersecurity concepts in public cloud environments.
- Demonstrated expertise in using regulatory and industry cybersecurity frameworks and guidance (CRI Sector Profile, NIST, FFIEC, MITRE ATT&CK) to audit cybersecurity controls.
Preferred Qualifications:
- Prior experience in cybersecurity and information technology, with a deep understanding of the latest trends and threats.
- Experience in applying evolving trends to audits, assessments, or lessons learned, showcasing your ability to adapt and innovate.
- Proven ability to lead projects and initiatives that drive performance and excellence.
- Strong written and verbal communication skills, with the ability to deliver high-quality, actionable feedback to client management on control issues and potential solutions.
Skills and Competencies:
To succeed in this role, you'll need to possess a unique blend of technical expertise, leadership skills, and business acumen. Key competencies include:
- Technical knowledge of cybersecurity risk management practices and frameworks.
- Leadership and team management skills, with the ability to inspire and motivate a global team.
- Strategic thinking and problem-solving skills, with the ability to analyze complex issues and develop effective solutions.
- Excellent communication and interpersonal skills, with the ability to communicate technical information to non-technical stakeholders.
Career Growth Opportunities and Learning Benefits:
At American Express, we're committed to your growth and development. As a Director of Information Security Risk, you'll have access to a range of training and development opportunities, including:
- Leadership development programs to enhance your skills and expertise.
- Technical training and certifications to stay up-to-date with the latest trends and technologies.
- Opportunities to work on high-visibility projects and initiatives, driving business outcomes and making a meaningful impact.
Work Environment and Company Culture:
We pride ourselves on a culture that values diversity, inclusion, and respect. Our work environment is designed to support your well-being and success, with:
- A flexible working model, with hybrid, onsite, or virtual arrangements depending on role and business need.
- A range of benefits and programs to support your physical, financial, and mental health.
- A global community of colleagues who share our commitment to excellence and customer satisfaction.
Compensation, Perks, and Benefits:
We offer a competitive compensation package, including:
- A salary range of $170,000 to $255,000 annually, plus bonus and equity (if applicable).
- A comprehensive benefits package, including medical, dental, vision, life insurance, and disability benefits.
- A 6% company match on the retirement savings plan, plus free financial coaching and financial well-being support.
- 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption, or surrogacy.
- Free access to global on-site wellness centers staffed with nurses and doctors (depending on location).
Join Our Team!
This is a unique opportunity to join a global leader in the financial services industry, with a rich history and a commitment to excellence. If you're a motivated and experienced professional looking to take your career to the next level, we encourage you to apply today.
At American Express, we're committed to creating a diverse and inclusive environment where everyone feels valued and respected. We're an equal opportunity employer, making employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.
Ready to transform your career and join our team? Apply now to become our next Director of Information Security Risk!