Support execution of information security assessments for third parties by reviewing security documentation, evaluating control evidence, and identifying potential risks and gaps. Coordinate internal stakeholders and third parties to track assessment activities, remediation efforts, and reporting requirements. Assist in maintaining assessment records, preparing operational metrics, and driving process efficiencies through automation and approved AI-enabled tools. Strong analytical, communication, and stakeholder management skills with a foundational understanding of cybersecurity, risk management, and emerging technologies are preferred.
Responsibilities
The incumbent will be required to support TSM (Third-Party Security Management) processes which are executed and operated under TLM (Third-Party Lifecycle Management). TSM team is responsible for assessing global third-parties on their Information Security practices against Amex standards and derives risks to Amex data and systems. A brief job description for the same shall be:
- Support execution of information security assessments for in-scope suppliers (e.g. support with security assessments, assess the quality of IS/IT assessments conducted by other assessors, define risk ratings as appropriate to the control failures, treatment for risk mitigation etc.)
- Help the team in tracking overall assessment activities end-to-end (toll-gates, current status, IS critical assessments progress) against existing milestones and report on a regular basis.
- Help in coordinating InfoSec gap remediation with stakeholders e.g. with BU relationship managers, External Assessors, and third parties, etc. Able to review control evidence and provide suitable suggestions to the Business Partners.
- Contribute to understanding and improving Standard Operating Procedures/Policies for TSM.
- Coordinate and help in drafting training materials as needed (e.g. TSM or TRM Trainings, etc.).
- Act as a process champion (buddy) for new people onboarding e.g. training, access needs, etc.
- Schedule, execute and document critical meeting minutes for both internal and external stakeholders (e.g. Team meetings, Operation/Calibration calls with Assessors, gap remediation calls, etc.).
- Find and drive efficiencies, optimal usage of resources, and contribute to automation and continuous process improvement initiatives.
Skills and Behavior
- Possesses prior IT and business work experience with exposure to various technical environments and business processes.
- Experience working with auditors and regulators is recommended.
- Strong interpersonal skills as the role involves dealing with multiple stakeholders in diversified geographies including External Assessors, ISO team, etc.
- Excellent communication skills (both written and verbal).
- Task-oriented with accountability and the ability to understand the broader business context.
- Flexibility and enthusiasm to take on special projects and collaborate to drive team success.
- Attention to detail in reading and drafting procedures/reports.
- Superior skill in organizing, managing, and interpreting data, and ability to effectively collaborate across teams and analyze complex information.
- Curiosity and willingness to continuously learn emerging technologies and their associated business and security implications.
Professional Requirements
- 5-6 years of overall experience (and 2-3 years in IT/InfoSec, Audits & Assurance, Risk and Compliance, Cyber Security preferably).
- Experienced professional at responsible positions, including exposure to working with global teams.
- Bachelor's Degree in Computer Science or Engineering recommended / Chartered Accountant degree / Risk certifications such as ISO27001, CISSP, CISM, CISA, CRISC, or PCI is highly recommended.
Strongly recommended: Foundational understanding of Generative AI and Agentic AI technologies, including the ability to effectively leverage approved AI tools, craft effective prompts to improve operational efficiency, critically assess AI-generated outputs, and understand the security, privacy, governance, compliance, and risk implications associated with AI-enabled solutions.