Information Security Manager

American Express

IT
Rome, Italy
Posted on Jul 29, 2025

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

The Regional Information Security Officer (RISO) organization is responsible for information security control enforcement, incident management, regulatory change, cybersecurity awareness, reporting and enablement for American Express European legal entities.

Key Responsibilities Include:

  • Support the interconnection between core enterprise technology risk and information security functions and American Express European legal entities.
  • Deliver leadership reporting and risk metrics that demonstrate the effectiveness of the cyber security program to American Express European legal entities.
  • Support regulatory audits and examinations for Info Sec and Tech functions, including close partnership with the Privacy Office, Compliance, General Counsel, CRO teams and the broader Information Security organization.
  • Support regulatory change management for topics such as DORA, Operational Resilience and EU AI Act.
  • Support cyber incident management processes.
  • Assess the design effectiveness and operating effectiveness of information security controls upon which the American Express European legal entities rely to protect Confidentiality, Availability, and Integrity of Information and Systems.
  • Consult on EMEA Business & Technologies projects to ensure appropriate security protection.
  • Operate as part of the extended Information Security team in support of all security and compliance initiatives.
  • Maintain EMEA reporting boundaries and operate relevant governance processes.

Minimum Qualifications:

  • Excellent verbal and written communication skills, including the ability to translate technical concepts into clean business language.
  • Proficiency in Italian and English.
  • Proven ability to build relationships and work collaboratively in a complex matrix environment.
  • Strong organization and planning skills.
  • Ability to work independently as part of a geographically dispersed team.
  • Knowledge of applicable information security standards and regulatory requirements.
  • Keen attention to detail.
  • 5+ years of Information Security or Technology Risk Management experience.
  • Experience working with audits and regulators' requirements and in complex, regulated businesses.
  • Broad understanding of information security disciplines.
  • Experience in risk assessment and relevant methodologies including quantitative risk management techniques.
  • Security-related certifications are desirable.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

  • Competitive base salaries
  • Bonus incentives
  • Support for financial well-being and retirement
  • Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
  • Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
  • Generous paid parental leave policies (depending on your location)
  • Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
  • Free and confidential counseling support through our Healthy Minds program
  • Career development and training opportunities

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.