- Assess the design and operating effectiveness of information security controls upon which the American Express Asia-pacific legal entities rely to protect Confidentiality, Availability, and Integrity of Information and Systems

- Collaborate with General Counsel, Market Compliance, and the American Express Privacy Office to support market regulatory requirements

- Lead the information security related aspects of regulatory changes and projects

- Identify, scope, and investigate new information security risks, including assisting with assessment of key American Express third-party providers in the region

- Deliver leadership reporting and risk metrics that demonstrate the effectiveness of the cyber security program to American Express Asia-pacific legal entities.

- Consult on market-specific Business & Technologies projects to ensure appropriate security protection

- Craft responses to Information Security audit and examination requirements for the market

- Operate as part of the extended Information Security team in support of all security and compliance initiatives

- Collaborate with global teams to publish market specific Information Security KPIs/KRIs

- Participate in represent regional information security office in APAC risk committees

- Participate in meetings with regulatory bodies in Asia Pacific and present Information security posture of American Express

Required Skills :

- 5-10 years of Information Security experience

- Experience working with regulators, such as METI, in complex regulated businesses

- Broad understanding of information security disciplines with emphasis on vulnerability management, data protection, infrastructure security, application security, identity and access, incident management and data analytics

- Strong in risk management. Ability to link threats to risk tolerance and control effectiveness measurements.

- Understanding of cyber regulatory landscape in Asia Pacific Region

Required Work Experience, Education, Certification / Training :

- Bachelors degree in computer science, information systems, network security or other related field. Masters degree preferred

- Professional certifications (CISSP, CRISC, CISA, PCI, CISM or equivalent)

- At least 5 years work experience in information security or technology risk management

- Technical background with hands-on experience across a variety of technologies

- Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)