American Express Information Security Analyst in Columbia, South Carolina
You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is on a mission to provide the world’s best customer experience every day. Rooted in this vision is the work of the Technology Risk & Information Security organization, empowering the company to delivery superior service through trust, security, and safety. Our culture is centered around passion, curiosity, and courage, enabling you to innovate and evolve a Fortune 100 company. You can help us achieve our mission!
This role will be responsible for assisting with activities designed to systematically handle information security, such as security investigations, intelligence, assurance, and awareness, and/or other project oversight, including developing standard methodologies for information security standards and handling IT controls and compliance with regulatory guidance.
What type of work can you expect to do in Information Security at American Express?
Security Incident Response/Threat Intelligence
Act as the front line of defense at American Express protecting the brand, employees, assets and card members across the globe against threats 24/7/365
Minimize risk of cyber attacks and focus on detection and response to threats
Monitor, detect, and respond to security events and incidents that affect AXP globally
Infrastructure, Application, and Network Security
Drive risk reduction through the rapid identification and remediation of vulnerabilities across the enterprise
Deliver secure network solutions that enable secure operations and highly available products and services for our customers
Safeguard AXP data, customers, and brand through continuous monitoring and testing of production application environments
Data Loss Prevention
Protect our customers, partners, and colleagues from the loss of sensitive information through normal business processes and/or malicious actors
Monitor and block sensitive data loss where legally permissible
Identity and Access Management/Authentication
Deliver centralized Enterprise Identity and Access Management products
Provide authentication, authorization, and full lifecycle management capabilities
Reduce, manage, and monitor risk associated with identity and access to AXP resources
Protect all forms of sensitive information, on all platforms, resulting in protection of the Brand and information assets, and regulatory compliance
Deliver cryptographic and key management solutions, and manage and operate secure cryptographic platforms
Drive continuous enhancement to data protection
Governance, Risk, Compliance
Bridge traditional boundaries between cyber and IT risk and expanding partnerships with IT and the business to drive risk reduction in the enterprise
Innovate Risk Management through enhancements in tooling and automation of processes; expand the capabilities of technology risk management
Extend risk management and control expertise beyond the information security domains into IT development organizations and the business
In-depth knowledge of cyber threats along with common security controls, detection capabilities, and other practices / solutions for securing digital environments. Including packet flows / TCP & UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection/prevention systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
Experience in analyzing malware / hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions.
Understanding of what information or assets are of value to threat actors and how organizations are breached.
In-depth understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies).
Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Can apply a variety of structured analytic techniques to generate and test a hypothesis, assess cause and effect, challenge analysis, and support decision making.
EDUCATION / CERTIFICATION
- Bachelor's degree or equivalent combination of education and experience preferred.
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
Primary Location: United States
Req ID: 21006646