I am...

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.

• Support an evolving reporting framework, generates metrics on third party cyber risk, and delivers meaningful reports to leadership across Business units and market areas, risk management committees, and other internal collaborators
• Evaluates third party adherence to program and find opportunities and standard methodologies to influence alignment with risk appetite
• Support development of training materials, process flows, and communication plans for socializing efforts to support execution of the Program across the organization
• Support development of materials for executive audiences
• Identify and drive opportunities for maturing the Amex third party cyber risk program
• Support the evolution of key risk metrics to effectively evaluate third party cyber health across Business portfolios and thousands of Amex third parties
• Support the Third-Party Security products including data management, validation, enhancement support, and support to collaborators
• Advises leadership and business partners on technical cyber risk as it relates to third parties

Qualifications & Required Skills

• Demonstrated ability to analyze datasets and produce metrics and standardized reporting
• Knowledge & understanding of cyber security threats, risks, and vulnerabilities.
• Understanding of what information or assets are of value to threat actors and how organizations are breached.
• Known to work at driving thought-provoking central initiatives from vision to execution
• Must be able to identify proactive opportunities for improvement & efficiencies and to articulate plans required to reach objectives
• Experience with matrix organizations consisting of multi-functional teams and experience in driving complex, large-scale change efforts
• Must pay strong attention to detail and demonstrate a natural disposition to diagnose issues, mediate differing opinions, and converge on solutions
• Must have strong verbal and written communication skills, interpersonal collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences across various levels including executive leadership
• Proven problem solver with ability to provide in-depth analysis of complex problems, manage risk and make quick decisions.
• Must possess the ability to multitask, prioritize, and manage time effectively.

Preferred Skills

• Experience with Cyber Attack Surface Management solutions, specifically BitSight and Security Scorecard
• Familiarity with industry standard control frameworks, security assurance auditing standards, guidelines, and third-party regulatory requirements, such as ISO27001, NIST CSF, SSAE16/18, CSA, CIS Top 20, OWASP Top 10, FFIEC, etc.

• Salary Range: $85,000.00 to $150,000.00 annually + bonus + benefits
• The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.
• We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:
• Competitive base salaries
• Bonus incentives
• 6% Company Match on retirement savings plan
• Free financial coaching and financial well-being support
• Comprehensive medical, dental, vision, life insurance, and disability benefits
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities
• For a full list of Team Amex benefits, visit our Colleague Benefits Site.
• American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law.
• We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.
• US Job Seekers/Employees - Click here to view the “Know Your Rights” poster and the Pay Transparency Policy Statement.
• If the links do not work, please copy and paste the following URLs in a new browser window: https://www.dol.gov/agencies/ofccp/posters to access the three posters.
• Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

PURPOSE:

The role of the vCISO provides the expertise required to properly scope and deliver cybersecurity solutions and services to our clients. They work closely with our clients to deliver risk management services that align industry best practices and regulatory requirements. The vCISO will identify risks and compliance gaps and collaborate with clients to prioritize and execute cybersecurity initiatives.

• Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes
• Performs cybersecurity risk assessments to identify and document client risks in accordance with industry best practices and regulatory bodies to include CMMC,
• DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, PCIDSS, and MITRE ATT&CK
• Continually manages risk management plans, milestones, and quarterly objectives to track progress and anticipate/notify of potential issues
• Collaborates with IT resources and key stakeholders from other business units to assess impacts to business processes, consider compensating controls, and effectively communicate risk remediation initiatives
• Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, and senior management
• Leads cybersecurity engineering resources to deliver vulnerability management, endpoint protection, privilege and identity management, network security, etc.
• Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders
• Conducts vendor risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies
• Works closely with Ascend’s cybersecurity team to report issues, develop process improvement strategies, and ensure service success
• Writes and updates cybersecurity policies and procedures aligned with client requirements
• Leads cybersecurity training, tabletop exercises, and marketing events
• Other Responsibilities as assigned by management

MINIMUM SKILLS, EDUCATION AND EXPERIENCE

• 5+ Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.)
• 5+ Years of strong working knowledge of system, application, network, cloud, and data security best practices
• One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent
• Proven success managing business risk, conducting vendor risk assessments, and executing cybersecurity controls
• Working knowledge of Microsoft 365, Azure Active Directory/Active Directory, Security Awareness strategies, and Vulnerability Management practices
• Excellent analytic, problem-solving, active-listening and decision-making skills
• Excellent presentation, writing, interpersonal and communication skills
• Comfortable engaging at executive levels to influence and provide strategic insight
• Experience and/or strong desire to work in a fast-paced environment with evolving conditions

PREFERRED SKILLS, EDUCATION AND EXPERIENCE

• 5+ Years experience in Incident Response and Digital Forensics
• Industry Specialized Certifications for PCI DSS, HITRUST, etc.
• Working knowledge of PowerShell, Threat Hunting Techniques, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms
• Bachelor’s degree in computer science, management information systems, information Technology, engineering, mathematics, or a related field

Starting Salary: $122,000/year

At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.

CORE VALUES

We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values:

• Committed to Client Success: Our actions and our words always align with the best interest of the client.
• One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
• Integrity: We are unquestionably committed to doing the right thing even when it is hard.
• Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
• Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.

PHYSICAL DEMANDS:

Must be able to sit, stand, and bend for the duration of shift. The position is mainly sitting, with occasional lifting up to 50 lbs., such as laptop, server equipment, and, driving to the work site to meet with client(s).

The Opportunity:

Are you ready to take a strategic role in cyber defense? Are you looking for an opportunity to protect critical infrastructure from the constant onslaught of cyber-attacks? If you want to sharpen your skills by analyzing threats in real-time, you want to be a Cybersecurity Operations Center Analyst.

As a Cybersecurity Operations Center Analyst on our security operations center team, you’ll improve tier monitoring strategies and analyze threats using state-of-the-art tools and platforms. You’ll work with the team to comprehend, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You’ll manage efforts to figure out just how many systems are affected and assist recovery efforts. You’ll combine threat intelligence, event data, and assessments of events to identify patterns to understand attackers’ goals to stop them from succeeding. This is a great opportunity to continue to build your cybersecurity skills with hands-on experience in threat assessment and incident response.

In this role, you’ll lead a team of professionals as they use cyberspace capabilities to evaluate potential weaknesses as well as the effectiveness of mitigations for cybersecurity solutions. You will leverage cyberspace operations systems to aggregate threat feeds that inform briefings for senior leadership aligned to our Army client.

If you want to be in the fight, working shoulder to shoulder with our mission partner influencing the most critical global cyber missions, this is the opportunity for you. Join us as we protect clients from malicious actors.

Join us. The world can’t wait.

• Improve tier monitoring strategies and analyze threats using state-of-the-art tools and platforms.
• Comprehend, mitigate, and respond to threats quickly, restoring operations and limiting the impact.
• Manage efforts to determine the number of affected systems and assist recovery efforts.
• Combine threat intelligence, event data, and assessments of events to identify patterns and understand attackers’ goals.
• Lead a team of professionals using cyberspace capabilities to evaluate potential weaknesses and the effectiveness of mitigations for cybersecurity solutions.
• Leverage cyberspace operations systems to aggregate threat feeds that inform briefings for senior leadership aligned to our Army client.

You Have:

• 3+ years of experience working in a Security Operations Center at a classified level within the DoD
• Experience providing continuous monitoring security expertise to business units and key stakeholders
• Experience performing extensive analysis to validate established security requirements and recommend additional security requirements and safeguards
• Experience working with cybersecurity staff to evolve the Security Operations continuous monitoring toolsets and reporting to provide better vulnerability insight
• Ability to serve as subject matter expert on vulnerabilities, including system and application settings, to work alongside other security analysts in event handling and incident response
• Ability to perform as a focal point for incident response and be responsible for communicating with other stakeholders
• Active TS/SCI clearance; willingness to take a polygraph exam
• HS diploma or GED
• Ability to obtain an 8570 DoD-approved CSSP Baseline Certification such as CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, or PenTest+ Certification, prior to start date

Nice If You Have:

• Experience using Elastic for monitoring and analysis
• Experience using endpoint tools to successfully hunt for adversarial behavior
• Knowledge of Splunk and creating Splunk content, including alerts and dashboards
• Ability to conduct threat hunting using network and host-based information
• TS/SCI clearance with a polygraph
• Master's degree
• Splunk, Tanium, or TYCHON Certification

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Compensation

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $96,600.00 to $220,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

Work Model

Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.

• If this position is listed as remote or hybrid, you’ll periodically work from a Booz Allen or client site facility.
• If this position is listed as onsite, you’ll work with colleagues and clients in person, as needed for the specific role.

EEO Commitment

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.