Job type: Full-time


Job content

Information Security Technology Manager

American Express Global Business Travel (Amex GBT) is seeking a motivated and driven individual to maintain and enhance an existing information security management system and associated frameworks. By joining our Global Cyber Governance, Risk and Compliance team, you will be a core member responsible for security oversight and compliance management for a dedicated product/service in the Company’s portfolio. You will be responsible for promoting best practices and the company’s policies and controls in protecting the confidentiality, integrity and availability of GBT’s assets.

The information security manager will be responsible for managing an existing ISO 27001 ISMS and maintaining associated ISO 27001 certification as well as PCI DSS certification for a product line. This role will include responsibility for managing policies, controls reviews, management reporting, exception and issue remediation tracking, metrics and support of customer facing security requests.

The Information Technology Risk and Security Manager role is a multi-faceted function whose objective is to drive the completion of all GBT information security audit and assessment initiatives, as well as lead various GRC projects and functions on an as-needed basis. This is a hands-on role and position with direct management of a compliance framework.

Job Description
  • Serves as a single point of contact for information security related audit and assessment requests, which will include Internal Audit, Key Controls Testing, PCI and ISO 27001 audit engagements.
  • Responsible for ISO 27001 and PCI DSS certification execution
  • Supports departments by collecting and coordinating internal compliance data with auditors and various departments.
  • Maintains audit schedule and request trackers, collects evidence and supports audit fieldwork/certification engagements
  • Prepares management reports for technical, management and leadership level stakeholders including Management Reviews and metrics
  • Drives completion of management responses and compiles mitigation plans, tracks progress of mitigation activities, when applicable
  • Enhances compliance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments, which may include policy creation and management, exception evaluations and tracking, metrics, etc.
  • Identifies areas of improvement and enhances awareness of security requirements
  • Drives information security policy and standard enhancements
  • Provides support in various security risk reviews, conducts risk assessments and control testing, and supports execution of assigned security controls.
  • Conducts internal and external audits
  • Completes customer security questionnaires and assessments and participates in the customer RFP engagement process.


Experience Requirements
  • Must be fluent in English and French; a bilingual background is preferred.
  • Strong leadership skills and ability to work effectively with a multi-disciplinary set of stakeholders across different levels, time zones and with minimal supervision
  • Formal experience with ISO 27001 certification and ISMS management as well as PCI DSS.
  • Experience complying with industry security standards such as COBIT, ISO 27001/2, NIST CSF or similar
  • Experience working with 3rd party security auditors
  • Strong understanding of the business impact of security tools, processes, and policies as well as high proficiency in how to assess risk and business impact
  • Team player; able to work collaboratively and effectively with and through others at all levels in an organization; proven ability to influence others and move toward a common vision or goal.
  • Technical knowledge of IT processes to include configuration management, networking, database management, application coding, availability, data center operations, etc.
  • Excellent understanding of technical security safeguards.
  • Solid business acumen, flexibility, and judgment to evaluate issues/problems of high complexity and make sound decisions.
  • Strong project management and people management skills.
  • Solid analytical skills and understanding of processes, technology and operational concepts.
  • 5+ years of relevant security technology experience.
  • 3+ years in similar role, such as Information Security Officer/Manager, IT Administrator, or Data Governance Officer/Manager

Location
France>Virtual Location
It is our policy to provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job, without regard to age, gender, gender identity, sexual orientation, race, color, religion, creed, national origin, disability, genetic information, veteran status, citizenship or marital status, and to maintain a non-discriminatory environment free from intimidation, harassment or bias based upon these grounds.

Posted 28 Days Ago Full time J-45385

American Express Global Business Travel (GBT) is the world’s leading business partner for managed travel. We help companies and employees prosper by making sure travelers are present where and when it matters. We keep global business moving with the powerful backing of 16,000 travel professionals in more than 140 countries. Companies of all sizes, and in all places, rely on GBT to provide travel management services, organize meetings and events, and deliver business travel consulting.

Deadline: 10-01-2026
