myGwork - LGBTQ+ Business Community · 3 days ago
Director Information Security
Wonder how qualified you are to the job?
Maximize your interview chances
Internet
Insider Connection @myGwork - LGBTQ+ Business Community
Responsibilities
Constantly reviews IAM controls (i.e. joiner, leaver, review) to ensure the correct metrics and measurements are in place that proves the effectiveness of those controls.
Takes the lead in ensuring IAM responds in a timely and accurate manner to all related audit and regulator inquiries. These inquiries include, but not limited to, requests from internal auditors, 3rd party auditors, and government regulators.
Establish a threat modelling approach in reviewing IAM controls such that AXP can make value driven decisions around investments in IAM controls.
As the volume of auditor and regulator requests exceeds the capacity of any one individual, the Director of IAM Audit, Controls and Metrics, must coach and continually develop a team of Information Security Professionals not just the through the response to regulator requests but the design of metrics and reports such that future requests are continually ready for inquiries.
Leverage a data driven approach to assist auditors and regulators in an understanding of perceived risks vs. AXP’s defence in depth approach that mitigates those risks.
Enhance the control environment at American Express through close partnership with Operational Risk Governance Group, Fortify the Controls Environment (FCE), Compliance, Issue Management and other Technology Risk leaders
Lead the continual evolution of IAM Policies and Standards as risks evolve and controls mature.
Ensure appropriate control ratings and compliance outcomes are achieved.
Partner with the Operational Excellence Operational Risk Events (ORE) and Customer Action Plans (CAP) to link events/CAPs to appropriate Process Risk Self-Assessment (PRSA).
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
8+ years of relevant professional work experience in Operational Risk Management with experience in Information Security and Technology Risk Management
Deep knowledge of compliance, risk management and internal IT control frameworks
Deep understanding of IAM especially in evolving areas such as Identity Governance Administration (IGA), Privilege Access Management (PAM), Cloud Identity and Access Management, and more
Broad understanding of information security subject areas with emphasis on incident management, risk management, and data analytics
Understanding of regulatory landscape while able to link threats to risk tolerance and control efficiency measures
Proven ability in extending and maintaining strong relationships in a complex multi-national corporation
Knowledge/experience with GRC tools (preferably Archer) inclusive of reporting
Ability to conceptualize complex control relationships and develop rigor in control development, design and testing practices
Ability to translate technical cyber security concepts to non-technical business leaders and influence in a matrix environment
Calm and decisive under pressure with strong operational leadership in stressful situations
Ability to prioritize actions for the benefit of the organization to remain focused on most critical issues
Initiative and energy to go beyond minimum requirements of effort and activity; a bias for action and for getting things done
Strong problem solver with the ability to use analytical methods to affect change
Bachelor's degree in information assurance, accounting, computer science or related field
CPA, CISM, CISA, CRISC, or CISSP or equivalent certification
Preferred
Master's degree
Benefits
Competitive base salaries
Bonus incentives
6% Company Match on retirement savings plan
Free financial coaching and financial well-being support
Comprehensive medical, dental, vision, life insurance, and disability benefits
Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
Free and confidential counseling support through our Healthy Minds program
Career development and training opportunities
Company
myGwork - LGBTQ+ Business Community
myGwork is the largest global platform for the LGBTQ+ business community.
Funding
Current Stage
Early StageTotal Funding
$4.77MKey Investors
24 HaymarketInnovate UK
2023-08-17Series Unknown· $1.66M
2023-08-17Grant· Undisclosed
2021-12-07Series A· $2.12M
Recent News
2024-04-10
Company data provided by crunchbase