New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing:
- Developing plans and strategies for information security tools, processes, and programs
- Providing guidance on information security processes, controls, and compliance, and information security risk management to team members
- Encouraging employee contribution, such as feedback, career development planning, and goal setting.
- Responding to changes in the regulatory environment and assisting other organizations in doing the same.
The primary focus for the Information Security Manager is designing processes and products with outcomes that effectively protect the enterprise and the related management of regulatory/compliance. Provides consultation and strategic recommendations to internal business partners, customers and vendors in assessing secure business solutions and mitigating controls to protect corporate intellectual capital and other sensitive data. Leads small teams of information security professionals. This position is part of the Identity and Access Management (IAM) team within Information Security.
Specific responsibilities include:
- Provides day-to-day operational management for the IAM Strategic Operations function including finance, resource planning and strategy and vendor management.
- Leads IAM Strategic Big Bet initiatives through collaboration across IAM functions and other technology organizations, leveraging the agile framework including Rally and Jira
- Implements processes and methods for auditing and addressing non-compliance to information security standards and methodologies; facilitates migration of non-compliant environments to compliant environments
- Defines, develops, and implements appropriate metrics for ongoing reporting; acts as required based on trend data
- Supports stakeholders to achieve targeted levels of information security, project oversight, and controls
- Act as counsel / advisor to Director regarding IAM security discipline trends, innovation, vision etc.
In addition, the Information Security Manager will:
- Participate in the development of IAM strategy, tactical planning and prioritization of initiatives across all IAM disciplines with a strong focus on portfolio management and cross functional product initiatives.
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage risk associated with Identity and Access Management
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security in general and Identity and Access Management
- Facilitates improved solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
- Provides consultation to internal Business partners, customers and Vendors in assessing information security risks and implementing mitigating controls to protect corporate intellectual capital, and other sensitive data
- Respond to requests for portfolio information including BUR, monthly finance review and updates on strategic big bets
- Accountable for ensuring security best practices, policies, and procedures are implemented
- Accountable for creating and delivering timely, accurate and insightful analysis based on critical IAM risk and operational controls
- Knowledge in technology infrastructure security, networking, databases, systems and/or Web operations; or other information security disciplines
- Knowledge of integrated data concepts and experience with visualization tools (Visio, Power BI and Tableau), data ingestion, data and metrics definitions.
- Expertise using MS Productivity Suite, Concur, Clarity, Fieldglass, PMDB, Ariba, Rally and Jira to manage large complex initiatives.
- Knowledge of frameworks, standards, and best practices (i.e., NIST, PCI, ISO, COBIT, CMMI)