Vice President, Third-Party Security - job 2 of 6

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

The objective of the Third-Party Security Vice President is to lead the strategy and execution of Information Security governance functions for our highest risk third party agreements.  This role is responsible for deploying innovative capabilities to reduce the residual risk of cyber-attacks and minimize exposure that may lead to disruption or loss of technology assets.  The candidate will be accountable for establishing, leading and running a globally dispersed organization to reduce risk for Technology at American Express.  This role will partner closely with the EVP Chief Information Security Officer, and with various business units and technology stakeholders. 

The selected candidate will lead a diverse team of high-performing professionals focused on ensuring operational practices to monitor third parties is executed with control management embedded in the day-to-day operations of our organization. It will involve extensive collaboration with multiple partners across numerous business units, functional areas, and geographies.

The VP, Third-Party Security will:

•        Set and execute on a strategic vision and roadmap for the program
•        Optimize 3rd party security risk management consistent with emerging threats, legal requirements, and regulatory expectations
•        Manage technical solutions that proactively protect American Express against emerging threats
•        Deliver leadership reporting and risk metrics for the program that drives awareness and cultural change across the company, and demonstrates the effectiveness of the program
•        Proactively identify areas of high-risk for intervention including automated alerts for our monitoring program
•        Compile thematic risk reporting (levels, trends, causes) to provide actionable insights to BU and EVP on current third party performance
•        Serve as a key partner in the Third Party Lifecycle Management programs
•        Overseeing key activities such as Monitoring; Assessments; Gap Management; and Committee escalations related to Third-Party Information Security practices
•        Consult on Business and Technology projects to ensure appropriate security is delivered as part of any third party solution
•        Partner with General Counsel to conduct Information Security contract provisions as appropriate
•        Continue to mature the operational processes while managing first line risk
•        Respond to relevant audit and examination requirements from both internal auditors and external examiners
•        Drive talent strategy (acquisition, development, and retention) for the program

Required Qualifications

• 7+ Years experience of Information Security experience
• 5+ years of Third Party Management experience, preferably in the Information Security domain
• At least 5 years of experience working with Regulators and in complex regulated businesses
• Strong in risk management with the ability to link threats to risk tolerance and control effectiveness measurements
• 3 years of contract negotiations specific to Information Security clauses and terms
• Thought leader with the ability to effectively manage risk and pro-actively develop security strategies
• Demonstrated ability to provide strategic vision and execution against a strategic plan
• Proven ability in extending and maintaining strong relationships in a complex multi-national corporation
• Strong problem solver with the ability to use analytical methods to affect change
• Calm and decisive under pressure with natural operational leadership in stressful situations
• Proven ability to deescalate situations and seek common solutions to key business and technology issue
• Understanding of critical operational risk management lifecycle activities
• Deep people leadership experience with an emphasis on building a diverse and efficient team
• Proven track record of establishing and overseeing robust decision-making processes that align with policies, regulatory frameworks, and/or operational standards
•      Excellent project management, communication, and interpersonal skills, with an ability to interact and obtain buy-in from senior BU/tech counterparts

Preferred Qualifications:

•         Bachelor's Degree Information Security are preferred
•         Information Security Certifications including; CISSP; CISM; CISA are strongly recommended

 Salary Range: $210,000.00 to $300,000.00 annually + bonus + equity (if applicable) + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries 
• Bonus incentives 
• 6% Company Match on retirement savings plan 
• Free financial coaching and financial well-being support 
• Comprehensive medical, dental, vision, life insurance, and disability benefits 
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
• 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy 
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
• Free and confidential counseling support through our Healthy Minds program 
• Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers - Click to view the “Know Your Rights” poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window: https://www.eeoc.gov/poster