Director-Cyber Security (Privilege Access Management / PAM)

Job Description

Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and build a unique career with the Powerful Backing of American Express. With a range of opportunities to work with the latest technologies, and a commitment to back the broader engineering community through open source, our mission is to power your success. Because Amex Tech is powered by our technology, our culture, and our colleagues.
The Technology organization enables and accelerates the company’s growth strategies, delivering global capabilities and services in support of Amex’s customers and colleagues, while maintaining 24/7 servicing and availability to ensure an uninterrupted, high-quality customer experience. Technology provides the foundation for everything we do in the company while driving differentiation through building and leveraging innovative technology and data insights.

At American Express, our mission is to deliver the world’s best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage—empowering you to innovate, grow, and help shape the future of a Fortune 100 company.

Trust. Service. Security.

Director, Cybersecurity provides leadership and guidance to senior cybersecurity colleagues, leading high-performing teams in the strategic development and enterprise-wide implementation of robust cybersecurity frameworks and strategies. Position leads the the Privilege Access Management (PAM) team within Identity and Access Management (IAM) and is focused on delivering enterprise controls regarding access to critical infrastructure and applications.

Responsibilities

• Oversees and mentors teams in Cybersecurity to foster a culture of continuous learning, growth opportunities, and inclusivity
• Manages resource allocation, project timelines, and budgets to ensure alignment of cybersecurity projects with organizational goals
• Collaborates with senior leadership to hire top talent and implement strategies for talent retention and professional development, ensuring a high-functioning and cohesive team
• Drives strategic initiatives in cybersecurity, managing risk and ensuring compliance with global standards and regulatory requirements
• Leads responses to complex security and operational events, coordinating with cross-functional teams to mitigate impacts, analyze root causes, and prevent recurrences
• Develops, enforces, and innovates advanced security policies, procedures, and standards to maintain compliance and champion a culture of security awareness and proactive risk management
• Develops and drives strategies for vulnerability management, integrating comprehensive assessments or penetration testing into risk management practices
• Ensures the effectiveness of security controls through regular audits, assessments, or metrics
• Maintains relationships with external partners and regulatory bodies to stay updated on the latest cybersecurity trends and regulatory requirements
• Engages and influences stakeholders across the organization to prioritize and implement critical security recommendations
• Collaborates and co-creates effectively with teams in product and the business to align technology initiatives with business objectives
• Leading a team of professionals in architecting and operating Privilege Access Management controls across the enterprise.
• Establishing a vision and then leading the team to transform Privilege Access Management through the implementation of Agentic AI within PAM controls.

Qualifications

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, and/or comparable experience; advanced degree preferred
• Knowledge of security frameworks and best practices
• Knowledge of Network Security and Application Security
• Knowledge of Threat Modeling
• Knowledge of Identity & Access Management (IAM)
• Knowledge of Cloud Security Management
• Knowledge of global regulatory requirements and industry standards for cybersecurity
• Knowledge of Data Security Management
• Knowledge of network protocols (e.g., TCP/IP, DNS, HTTP) and security fundamentals
• Knowledge of Security Architecture Management
• Knowledge of Security Governance and Operations
• Knowledge of Security Testing & Remediation
• Knowledge of Data Engineering
• Knowledge of scripting languages such as Python, Bash, or PowerShell for automating security tasks
• Knowledge of cybersecurity technologies, risk management, threat intelligence, and incident response

• Technical expertise in multiple relevant technologies, with knowledge of enterprise architecture frameworks, cybersecurity protocols, and operational best practices

  Work Experience:

• Experience in a cybersecurity senior leadership role
• Experience in leadership and mentorship roles, with the ability to foster a culture of continuous learning and professional development
• Experience in designing and implementing advanced security architectures in large, complex organizations
• Experience collaborating with senior leadership to align security strategies with business goals
• Experience in common Privilege Access Management tools: Password vaults, session managers, authZ controls at the server level.
• Experience in engineering solutions using Generative or Agentic AI. This includes the use of agents to automate functions, development of custom GPTs to speed assessments and audit responses, and more.

Licenses and Certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.