Information Security Technology Manage

Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We are here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.

American Express Global Business Travel (Amex GBT) is seeking a motivated and driven individual to maintain and enhance an existing information security management system and associated frameworks. By joining our Global Cyber Governance, Risk and Compliance team, you will be a core member responsible for security oversight and compliance management for a dedicated product/service in the Company's portfolio. You will be responsible for promoting best practices, company's policies and controls in protecting the confidentiality, integrity and availability of GBT's assets.

The information security manager will be responsible for managing an existing ISO 27001 ISMS and maintaining associated ISO 27001 certification as well as PCI DSS certification for a product line. This role will include responsibility for managing policies, controls reviews, management reporting, exception and issue remediation tracking, metrics and support of customer facing security requests.

What You'll Do:

• Serves as a single point of contact for information security related audit and assessments requests which will include Internal Audit, Key Controls Testing, PCI and ISO 27001 audit engagements.
• Responsible for ISO 27001 and PCI DSS certification execution.
• Supports departments by collecting and coordinating internal compliance data with auditors and various departments.
• Maintains audit schedule and request trackers, collects evidence and supports audit fieldwork/certification engagements.
• Prepares management reports for technical, management and leadership level stakeholders including Management Reviews and metrics.
• Drives completion of management responses and compiles mitigation plans, tracks progress of mitigation activities, when applicable.
• Enhances compliance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments which may include policy creation and management, exception evaluations and tracking, metrics, etc.
• Identifies areas of improvement and enhances awareness of security requirements.
• Drives information security policy and standard enhancements.
• Provide support in various security risk reviews, conducts risk assessments, control testing and supports execution of assigned security controls.
• Conducts internal and external audits.
• Completes customer security questionnaires and assessments and participates in the customer RFP engagement process.

What We're Looking For:

• Must have Fluent English and French, preference is for Bilingual background.
• Strong leadership skills and ability to work effectively with a multi-disciplinary set of stakeholders across different levels, time zones and with minimal supervision.
• Formal experience with ISO 27001 certification and ISMS management as well as PCI DSS.
• Experience complying with industry security standards such as COBIT, ISO 27001/2, NIST CSF or similar.
• Experience working with 3rd party security auditors.
• Strong understanding of the business impact of security tools, processes, and policies as well as high proficiency in how to assess risk and business impact.
• Team player; able to work collaboratively and effectively with and through others at all levels in an organization; proven ability to influence others and move toward a common vision or goal.
• Technical knowledge of IT processes to include configuration management, networking, database management, application coding, availability, data center operations, etc.
• Excellent understanding of technical security safeguards.
• Solid business acumen, flexibility, and judgment to evaluate issues/problems of high complexity and make sound decisions.
• Strong project management and people management skills.
• Solid analytical skills and understanding of processes, technology and operational concepts.
• 5+ years of relevant security technology experience.
• 3+ years in similar role, such as Information Security Officer/Manager, IT Administrator, or Data Governance Officer/Manager.

All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.

Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process.

If you're passionate about our mission and believe you'd be a phenomenal addition to our team, don't worry about 'checking every box;' please apply anyway. You may be exactly the person we're looking for.