Information Security Manager - Third Party Risk - Application Security (Web & Mobile)

American Express

This position, reporting to the Director of Third Party Risk, will be part of a team responsible for the continuous monitoring of the company’s most critically sensitive third parties. The team is also responsible for performing in-depth technology and information security assessments of critical third parties.


The person in this position will be responsible for managing third party application (Web & Mobile) security risk, with a specific focus on assessing, monitoring, and reporting on third party risks, making process recommendations, and testing program controls.


Responsibilities also include:

  • Coordinate with BUs to perform risk sizing exercises for their respective portfolios of third party vendors.
  • Assist with evaluation of tools / technologies to support monitoring capabilities.
  • Support execution of technical physical and logical assessments for in-scope third parties.
  • Perform on-going tracking and monitoring of progress, and assist in management reporting on a periodic basis.



·        10 years' experience in Information Security and/or Third Party required; additional expertise in Operational Risk highly preferred.

·        Demonstrated expertise in Application Security and Third Party Risk, specifically web and mobile application security, configurations, vulnerability, change management, SDLC.

·        Demonstrated expertise in Information Security and Third Party Risk Management

·        Web and/or mobile application development expertise

·        Familiarity with secure software development practices

·        Expertise in web and mobile application vulnerabilities – detection and mitigation strategies

·        Expertise in DAST and SAST scanning technologies; ethical hacking experience desired but not required.

·        A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management

·        Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred

·        Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.  

·        Proven excellent relationship management skills with all levels of the enterprise are required

·        Ability to effectively collaborate across teams

·        Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders 

·        Ability to identify gaps between one’s skillset and the needs of the team.

·        Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps

·        Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea

·        Involving the right people to ensure the best decisions are made in a timely manner

·        Ability to analyze complex information and identify the most relevant details.

·        Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity

·        Strong sense of personal accountability and ability to drive results

·        Bachelor’s Degree in Computer Science or Engineering preferred


Why American Express 


Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.


Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.


ReqID: 18008694
Schedule (Full-Time/Part-Time): Full-time
Confirmed 23 hours ago. Posted 30+ days ago.
