American Express Information Security Manager in Phoenix, Arizona
You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is seeking an Application Security Architect with proven strong technical competence in building implementing application security governance and risk management processes. The Application Security Architect serves as a subject matter expert in developing and maintaining comprehensive security requirements across a diverse number of technology stacks. The Application Security Architect supports the security champion practice by evangelizing secure design and secure coding controls.
Develop security governance processes and procedures for the enterprise threat modeling program.
Assist in the development of threat modeling governance documentation.
Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
Develops reports for management concerning residual risk and non compliance.
Monitor and track compliance with application owners to ensure implementation of security controls as planned.
Review issued security controls with application owners to ensure identified requirements are implemented.
Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
Develop, Maintain, update and enhance secure design patterns and secure coding standards.
Develop, Maintain, update and enhance threat libraries.
Socialize secure design patterns and secure coding standards with engineering teams.
Assist application teams with threat modeling consultancy questions.
Consistently enable strong developer and customer experience when liasing with application teams. Uphold Blue Box values when liasing with application teams.
Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
Security and Technical Experience
Prior experience with implementing security governance and risk management processes.
In-depth knowledge and understanding of information security risk concepts and principles, as a means of relating business needs to security controls.
Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
Direct hands on experience with application threat modeling.
Direct hands on experience with threat modeling frameworks, attack vectors an vulnerability analysis: CAPEC, ATT&CK, STRIDE.
Direct hands on experience with application security controls (Web, API and Mobile).
Strong familiarity with IAM Controls (OAuth 2.0, OIDC, JWT).
Strong familiarity with Cryptography Controls (Data at rest, in motion).
Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
Full stack knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.
Preferred Security Certifications
- CISSP, CISM, CISA, CRISC or SANS GIAC
Self-directed, Confident Team Player
Strong Technical Thinker
Strong Planning, Execution and Collaborative skills
Communication skills — Good verbal and written communication skills. Ability to document risk and control summary artifacts that translates complex threat models into easy to read reports for the business.
Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.
Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
Primary Location: United States
Req ID: 21022496