Director Information Security - Application Security Managem

at American Express in Dover, Delaware, United States

Job Description


You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible – and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

The Director of Application Security Management will be responsible for balancing engineering needs with risk management and regulatory compliance across the AXP Enterprise landscape by growing and leading a team tasked with designing and running automated security controls. In addition, the ideal candidate recognizes the importance of building security controls that scale to an agile enterprise. The successful candidate must have experience evolving and designing control frameworks in alignment with delivery transformation, have awareness of modern software development practices and automated build pipelines, and be familiar with Application Security tools and principles. The candidate will be expected to drive results and lead through others.


+ Provide strong leadership to a team of application security engineers and practitioners by establishing clear direction, a productive culture, and measurable goals in pursuit of the overall organizational strategy and roadmap

+ Become an expert in the AXP Enterprise technology stack to understand points of weakness and opportunities for application security services and solutions

+ Integrate, monitor, and measure security controls in the SDLC

+ Drive and manage embedded and automated security testing at scale and report on risk across AXP Enterprise applications

+ Collaborate with internal stakeholders and partners on addressing systemic security issues

+ Evaluate and prioritize security activities to ensure timely execution per risk-based approaches and application team needs

+ Provide escalation point for resolving application security testing issues and concerns

+ Recruit, mentor, and grow a talented team of application security experts

+ Continuously review application security tools and services to evaluate efficacy and applicability

+ Ensure successful execution of regulatory and audit responses


+ Bachelor’s Degree in Computer Science or similar field of study; advanced degree preferred

+ Relevant professional certification preferred

+ Five or more years of application security experience in a fast-paced, agile environment preferred

+ Five or more years of software development experience across web, mobile, and API preferred

+ Knowledge of tools and/or processes to reliably identify security issues and business logic flaws (SAST, DAST, IAST, BDD, etc.)

+ Knowledge in application security concepts such as OWASP Top 10

+ Knowledge of and experience in DevOps methods and principles

+ Strategy development and strong technical leadership experience

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.

Job: Technology

Primary Location: United States

Schedule: Full-time


Req ID: 21021598

Job Posting: JC191951187

Posted On: Sep 09, 2021

Updated On: Oct 10, 2021