**Description**

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

**How will you make an impact in this role?**

**Focus**

Responsible for architecting and engineering data access security controls that manage, monitor, measure, and report the data access security posture of the organization’s data estate. Specifically, this role will focus on controlling access to databases hosted on on-prem distributed servers as well as public cloud. Data access controls will cover person and non-person identities and their access, including but not limited to users, applications, APIs and GenAI.

**Organizational Context**

Reports to the Director of Data Access Management. The Data Access Management team architects, engineers and operates data access controls for structured, semi-structured and unstructured data hosted on the mainframe, distributed servers, cloud, storage, file systems, file shares and collaboration repositories. Works across Technology Risk and Information Security, Privacy, Enterprise Data Governance, hosting platform teams to meet business, security, risk and compliance objectives for a Category 2 bank. The Data Access Management team functions in support of the broader Data Security Posture Management program.

**Key Responsibilities**

* Implement lifecycle management controls for user, System and Services IDs that have access to on-prem and cloud databases

* Implement database activity monitoring policies for on-prem and cloud databases

* Conduct security assessments of User, System and Service IDs access to data

* Document current and desired future state capabilities, incorporating industry leading technologies that improve data access controls

* Design, develop and deploy technology controls to drive least privilege access to data

* Define data access control metrics

* Provide ongoing awareness/education of industry efforts and statistics relevant to data access control

* Work with all levels across Technology and Business to establish data access controls that align with enterprise strategies and compliance objectives

* Provide consultation to internal Business partners, customers and vendors in assessing data access risks and mitigating controls to protect corporate intellectual capital and other sensitive data.

* Develop, test, and optimize complex SQL queries, stored procedures, functions, and triggers.

**Education & Experience**

* Bachelor’s Degree in Computer Science, Information Security (or equivalent work experience)

* Experience architecting and engineering data access security controls

* In-depth experience with Database permissions for different DB types including Oracle, MSSQL, PostgreSQL, Cassandra, Couchbase, cloud native Databases

* In-depth experience with implementing Database activity monitoring controls for on-prem and cloud databases

* Experience instantiating access security controls and measuring control effectiveness

* In-depth experience with design and implementation of automation scripts using Java, Python

* Proficiency with Linux / Unix systems, and it’s administration in a complex multi-platform environment

* 5 Years of hands on experience.

**High-performing Behaviors**

* Shares critical expertise and knowledge to support team

* Uses breakthrough thinking to generate insights, alternatives and opportunities to prevent attacks

* Analyzes complex information and identifies the most meaningful details

* Identifies a number of ways to do things differently that will continuously strengthen the security posture

* Takes initiative, handles problems and acts on own initiative without being prompted

* Transparently leads through change, ambiguity and brings clarity

* Prepares well in advance to maximize resource and time

**Knowledge/Skills**

* Requires in depth knowledge of identity and access management (IAM) architecture, engineering and operations to protect access to data; authoring security policies, standards, controls and metrics; knowledge of related technologies: web, network, server, database security; IAM control operations and providing evidence of compliance and control efficacy, Proficiency in SQL and experience with RDBMS such as PostgreSQL, Oracle, SQL Server and Couchbase.

**Game Changers**

* Communications

* Teamwork

* Continuous Improvement

* Courage

* Curiosity

* Ingenuity

* Tenacity

**Role Core Competencies**

Technical

* Technical Acumen

* Emerging Technologies

* Database access Knowledge

Functional

* Identity and Access Management

Leadership

* Analytical Thinking

Business

* Regulatory Compliance

* Industry and Company Knowledge

**Qualifications**

Salary Range: $110,000.00 to $190,000.00 annually bonus benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

+ Competitive base salaries

+ Bonus incentives

+ 6% Company Match on retirement savings plan

+ Free financial coaching and financial well-being support

+ Comprehensive medical, dental, vision, life insurance, and disability benefits

+ Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need

+ 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy

+ Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)

+ Free and confidential counseling support through our Healthy Minds program

+ Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site .

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

US Job Seekers - Click to view the “ Know Your Rights ” poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window: https://www.eeoc.gov/poster

Depending on factors such as business unit requirements, the nature of the position, cost and applicable laws, American Express may provide visa sponsorship for certain positions.

**Job:** Technology

**Primary Location:** US-Arizona-Phoenix

**Schedule** Full-time

**Req ID:** 25010661