Manager-CyberOps & Assurance-Third Party Security Assessments

Overview

Manager – Cyber Ops & Assurance, Third Party Security Assessments, reporting to the Director of Third Party Security Assessments, will lead a team responsible for technical assessments and inspections of the company’s most critically sensitive third parties. The Manager will conduct physical and logical inspections of Information Security and Technology controls, publish assessment results, issue gaps, provide consultation, and validate remediation.

The role also involves developing and maintaining assessment tools, collaborating with multiple internal teams, external assessors, and product/tool management to ensure readiness and effective monitoring.

• Performance of technical physical and logical assessments for in-scope third parties.
• Contribute to the development and enhancement of current assessment tool capabilities, including AI enablement.
• Assist with evaluation, development and maintenance of tools/technologies to support monitoring capabilities.
• Perform ongoing tracking and monitoring of progress and assist in management reporting on a periodic basis.

• 10+ years of experience in Information Security, and/or Third Party Assessments required.
• Demonstrated expertise in Information Security and Third Party Risk.
• Intermediate knowledge of GenAI concepts, both for assessment knowledge and internal tool development/maintenance.
• Familiarity with secure software development practices.
• Expertise in web and mobile application vulnerabilities – detection and mitigation strategies.
• Expertise in DAST and SAST scanning technologies, ethical hacking experience desired but not required.
• A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management.
• Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, or PCI highly preferred.
• Self‑motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.
• Proven excellent relationship management skills with all levels of the enterprise are required.
• Ability to effectively collaborate across teams.
• Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders.
• Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea.
• Ability to analyze complex information and identify the most relevant details.

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.