Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
American Express Global Business Travel (Amex GBT) is seeking a motivated and driven individual to maintain and enhance an existing information security management system and associated frameworks. By joining our Global Cyber Governance, Risk and Compliance team, you will be a core member responsible for security oversight and compliance management for a dedicated product/service in the Company’s portfolio. You will be responsible for promoting best practices and the company’s policies and controls in protecting the confidentiality, integrity and availability of GBT’s assets.
The information security manager will be responsible for managing an existing ISO 27001 ISMS and maintaining associated ISO 27001 certification as well as PCI DSS certification for a product line. This role will include responsibility for managing policies, controls reviews, management reporting, exception and issue remediation tracking, metrics and support of customer facing security requests.
What You’ll Do:
Serves as a single point of contact for information security related audit and assessment requests, which will include Internal Audit, Key Controls Testing, PCI and ISO 27001 audit engagements.
Responsible for ISO 27001 and PCI DSS certification execution
Supports departments by collecting and coordinating internal compliance data with auditors and various departments.
Maintains audit schedule and request trackers, collects evidence and supports audit fieldwork/certification engagements
Prepares management reports for technical, management and leadership level stakeholders including Management Reviews and metrics
Drives completion of management responses and compiles mitigation plans, tracks progress of mitigation activities, when applicable
Enhances compliance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments which may include policy creation and management, exception evaluations and tracking, metrics, etc.
Identifies areas of improvement and enhances awareness of security requirements
Drives information security policy and standard enhancements
Provides support in various security risk reviews, conducts risk assessments and control testing, and supports execution of assigned security controls.
Conducts internal and external audits
Completes customer security questionnaires and assessments and participates in the customer RFP engagement process.
What We’re Looking For:
Must have fluent English and French; a bilingual background is preferred.
Strong leadership skills and ability to work effectively with a multi-disciplinary set of stakeholders across different levels, time zones and with minimal supervision
Formal experience with ISO 27001 certification and ISMS management as well as PCI DSS.
Experience complying with industry security standards such as COBIT, ISO 27001/2, NIST CSF or similar
Experience working with 3rd party security auditors
Strong understanding of the business impact of security tools, processes, and policies as well as high proficiency in how to assess risk and business impact
Team player; able to work collaboratively and effectively with and through others at all levels in an organization; proven ability to influence others and move toward a common vision or goal.
Technical knowledge of IT processes to include configuration management, networking, database management, application coding, availability, data center operations, etc.
Excellent understanding of technical security safeguards.
Solid business acumen, flexibility, and judgment to evaluate issues/problems of high complexity and make sound decisions.
Strong project management and people management skills.
Solid analytical skills and understanding of processes, technology and operational concepts.
5+ years of relevant security technology experience.
3+ years in similar role, such as Information Security Officer/Manager, IT Administrator, or Data Governance Officer/Manager
Location
United Kingdom
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement.
What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box”; please apply anyway. You may be exactly the person we’re looking for!