American Express Information Security Specialist- End User Computing in Phoenix, Arizona
The successful candidate will participate in a team of IT security professionals to architect, engineer, and support multiple security solutions for the enterprise. The candidate’s primary responsibility will be to ensure appropriate security controls are in place in the End User Computing platforms (Desktop, Laptop, & Mobile). The candidate will be responsible for ensuring security solutions are appropriately developed and leveraged in both the Mobile and Desktop End User Computing space, identifying areas of risk, and designing solutions/controls to mitigate the risk.
Responsible for reviewing the security controls in place in the Mobile and End User Computing environment on a regular basis. Looking for overlap or consolidation opportunities, identifying any gaps for existing or new attack vectors.
Responsible for reviewing and making recommendations on new vendor offerings such as updated operating systems, OS version upgrades, new OS security functionality, etc.
Providing consulting from an information security perspective on new projects and capabilities being proposed by the Mobile and End User Computing organizations. Coordinating efforts with other Information Security departments as needed to ensure the correct teams are engaged.
Monitoring news feeds and sources for emerging threats, updates, and new industry trends and tools.
Performing just-in-time threat analysis and impact assessment
Providing performance analytics on multiple platforms and identifying areas for improvement
Determining the security posture of deployed operating systems and making determinations on whether software should be on the whitelist from an information security perspective.
Comparing security agent coverage from a platform perspective (Android, iOS, Windows, OSX, etc.) and determine any gaps or inconsistencies.
Reviewing current security standards, policies, and configuration around the Mobile and End User Computing environment.
Developing reporting and remediation strategies for vulnerabilities/misconfigurations identified in the Mobile and End User Computing environments.
Responsible for leading initiatives across multiple business and technical environments, covering a wide range of business/technical functions, i.e. workflow automation, incident response, data feeds, service continuity, regulatory management, IT risk governance, vendor management, Identity and Access Management , project management, incident management, information security, vulnerability management, forensics, web security, etc.
May participate as subject matter expert or act as project manager for one large, complex or multiple moderately complex initiatives
Manages the development and delivery of standards, best practices, and architecture and system oversight programs to ensure effective controls across the enterprise
Develop, plan and implement strategies that improve the overall maturity of our IT risk, governance and compliance processes, programs and/or skills
Performs monitoring of events and security incidents and recommends solutions
Works with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls, IT risk management and regulatory/compliance requirements
Provides strategic recommendations to leaders and key decision makers regarding security, IT risk, governance and compliance matters
Ability to define and develop appropriate metrics for ongoing reporting
Facilitates the development of plans and strategies for information security, service continuity and other risk processes and programs
Supports stakeholders to achieve targeted levels of operational IT risk management, information security, service continuity, project oversight and IT controls
Supports the investment decision process by developing business cases and cost benefit analyses for new information security, service continuity or other risk domain solutions
Documents current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
Manages the integration of vendor requirements and tasks, and track and review vendor deliverables
Responsible for evaluation of applications, tools and systems
Makes recommendations and assists in the implementation of changes to strengthen processes, procedures and compliance resulting in enhanced information security, service continuity or reduced IT risk
Blue Box Leadership Competencies • Develops Winning Strategies: Maintains an understanding of enterprise Business initiatives and objectives and the various line portfolios • Drives Results: Support multiple priorities under tight timeframes High degree of initiative, dedication • Drives Innovation and Change: Demonstrates a focus on optimizing IT investments Detail-orientated with the ability to synthesize large amounts of data • Communicates Effectively: Verbally and in writing Presentation skills • Demonstrates Personal Excellence *ALL Blue Box Leadership Competencies are important to the role. Those indicated here are of particular significance.
Five or more years of Architecture/Engineering experience in End User Computing and Mobile platforms (Android, iOS, Windows 7, Windows 10, Apple OSX, etc.)
Demonstrated information security experience around End User Computing and Mobile platforms
Experience with virtualization and Virtual Desktop Infrastructure (VDI)
Experience with containerization tools such as Windows Containers / Docker
Demonstrated experience with information security around mobile devices (Blackberry, iOS, Android), and enterprise mobility management/Bring Your Own Device
Knowledge of OSI model, deep networking, and stateful firewall concepts a strong plus
Must have knowledge in technology infrastructure security, networking, databases, systems and/or Web operations; business continuity or disaster recovery disciplines; risk management disciplines
Fluency in software development and scripting languages preferred such as Java, .Net, Python, PowerShell, Perl, etc. a plus
- Experience with IT risk management and process improvement
Experience working with internal and external auditors, and regulatory examiners
Highly developed communication skills
Excellent time management skills; ability to prioritize and multi-task
Demonstrated ability to deliver on time and on budget
Requires knowledge of a minimum of several business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; privilege access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance
Typically holds a Bachelor's degree in Computer Science, Information Systems or Business Administration (or equivalent work experience)
Professional certifications preferred (e.g. CISA, CISSP, CISM, MCSE, etc.)
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
Title: Information Security Specialist- End User Computing
Requisition ID: 18003539