Director- Cybersecurity (Cloud Security Strategy & Governance)
Company: American Express
Location: Phoenix
Posted on: February 26, 2026
|
|
|
Job Description:
At American Express, our culture is built on a 175-year history
of innovation, shared values and Leadership Behaviors, and an
unwavering commitment to back our customers, communities, and
colleagues. From delivering differentiated products to providing
world-class customer service, we operate with a strong risk
mindset, ensuring we continue to uphold our brand promise of trust,
security, and service. As part of Team Amex, youll experience this
powerful backing with comprehensive support for your holistic
well-being and many opportunities to learn new skills, develop as a
leader, and grow your career. Here, your voice and ideas matter,
your work makes an impact, and together, you will help us define
the future of American Express. How will you make an impact in this
role? American Express is on an exciting cloud transformation
journey driven today by a successful, high-energy, delivery-focused
team that enables our vision of “security-as-code” and integrations
across a diverse set of teams and tools to ensure public cloud
security equivalency with on-premises security capabilities,
methods, and processes for all cloud service models (IaaS, PaaS,
SaaS) and workloads. The Director – Cloud Security Strategy and
Governance will collaboratively lead the Strategic Program
Management, Governance, and Operations functions of the technology
risk and cyber security controls and capabilities required to
secure the American Express cloud journey, including both our
private/public cloud. The Director will partner with Cloud
Engineering, Cloud Operations, other Technology partners, and all
TRIS domains to help drive secure adoption, governance, compliance,
and operations using a standardized risk-based model. The Director
will set the agenda by collaborating and driving cross-TRIS
matrixed capabilities to ensure appropriate risk informed delivery,
directly supporting the enterprise cloud strategy. The successful
candidate will be accountable for the oversight and delivery of the
Cloud Security Strategy and Governance program and the enablement
of all up-stream/down-stream processes and methods. This position
demands a well-organized action-oriented, team player with the
ability to prioritize daily work vs strategic roadmap items; work
on multiple initiatives simultaneously; establish and maintain an
outward looking view on new and evolving technologies; and an
ability to mature and operate business critical, end-to-end
processes and solutions – while ensuring a great colleague user
experience. You will work closely with other Information Security
departments, architecture and the Enterprise Cloud team, as well as
external cloud providers on requirements, design, integration and
delivery of these solutions. Responsibilities Include: • Build and
lead Program Management functions to drive delivery of centralized
cloud security reporting, governance, and finance functions •
Develop, coach and mentor a highly motivated team, while
coordinating closely with other Information Security and
Engineering leaders and business partners. • Partner in external
and internal audits, ensuring overall adherence to policies and
standards, driving the highest level of compliance through
response, remediation and escalation as necessary • Establish and
refine cloud security budget and finance forecasting for public
cloud consumption of security tools • Assess, measure and report
against cloud controls, and drive risk reduction guidance across
and in partnership with all TRIS domains • Partner with TRIS,
Engineering and business stakeholders to help define and prioritize
cloud security initiatives • Provide security expertise to the
Cloud Program, including Infrastructure as a Service (IaaS),
Platform as a Service (PaaS), and Cloud Application Architecture
subprograms. • Collaborate with enterprise architects and SMEs to
deliver comprehensive security solutions that align to Amex cloud
strategy • Capture requirements; build functional specifications,
timelines, adoption plans and other artifacts to support security
implementation. • Partner with Architecture teams to build
cloud-optimized security patterns and contribute to Enterprise
Architecture governance. • Partner with and support the Engineering
team to drive and execute results in a timely manner. Minimum
Qualifications: • 8 years of experience in Information Security
Roles and/or 15 years leading platform development • Masters Degree
in computer science or computer engineering, or related field •
Experience with Cloud Control Matrix and CIS benchmarks for gap
assessment • Platform engineering experience, including cloud
modernization • Broad understanding of all IS disciplines
including, Governance, Cyber Threat, Identity and Access,
Infrastructure, Endpoint, Vulnerability, Data Protection,
Operations, Application, Incident Response. • Understanding of
Information Security technology and platform delivery with
experience in planning and execution of security projects. •
Understanding of Cloud Fundamentals, including containers,
software-defined networks, high availability design, multi-cloud,
and serverless compute. • Demonstrated experience in Agile
environments, application design, software development, and
testing. • Experience with adoption and implementation of GenAI
Preferred Qualifications: • Information Security Certification
required, CISM or similar. Salary Range: $144,250.00 to $256,250.00
annually bonus equity (if applicable) benefits The above represents
the expected salary range for this job requisition. Ultimately, in
determining your pay, we’ll consider your location, experience, and
other job-related factors. We back you with benefits that support
your holistic well-being so you can be and deliver your best. This
means caring for you and your loved ones physical, financial, and
mental health, as well as providing the flexibility you need to
thrive personally and professionally: • Competitive base salaries •
Bonus incentives • 6% Company Match on retirement savings plan •
Free financial coaching and financial well-being support •
Comprehensive medical, dental, vision, life insurance, and
disability benefits • Flexible working model with hybrid, onsite or
virtual arrangements depending on role and business need • 20 weeks
paid parental leave for all parents, regardless of gender, offered
for pregnancy, adoption or surrogacy • Free access to global
on-site wellness centers staffed with nurses and doctors (depending
on location) • Free and confidential counseling support through our
Healthy Minds program • Career development and training
opportunities
Keywords: American Express, Phoenix , Director- Cybersecurity (Cloud Security Strategy & Governance), IT / Software / Systems , Phoenix, Arizona
