Manager, CyberOps & Assurance (DSPM Engineering/Cloud)

At American Express, our mission is to deliver the world's best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage-empowering you to innovate, grow, and help shape the future of a Fortune 100 company.

Trust. Service. Security.

The Data Security team is responsible for safeguarding the organization's most critical asset-its data-by ensuring confidentiality, integrity, and availability across all platforms and environments. Working at the intersection of cybersecurity, data governance, and privacy, the Data Security team focuses on capabilities such as data classification, encryption, secure data access, and monitoring. The team partners closely with engineering, risk, and business units to embed security controls throughout the data lifecycle-from creation and storage to sharing and archival.

The candidate will be part of a specialized sub-team focused on Data Security Posture Management (DSPM). This sub-team is responsible for providing visibility into sensitive data across cloud and on-prem environments, identifying data security risks, and driving remediation efforts. The team leverages modern DSPM tools and analytics to discover, classify, and monitor data, ensuring proper access controls and compliance with internal policies and external regulations. The role involves working on initiatives that enhance data visibility, reduce risk exposure, and strengthen the organization's overall data security posture

American Express is seeking a highly technical Manager - CyberOps & Assurance to lead a small team responsible for building and scaling enterprise data security capabilities across our Data Security Posture Management (DSPM) and Data Discovery & Classification platforms.

This role combines hands-on technical leadership with direct team oversight, requiring a manager who actively contributes to engineering efforts while guiding a team in delivering scalable, integrated data security solutions.

You will be responsible for advancing core data security capabilities, integrating them across the enterprise, and ensuring strong execution, automation, and operational maturity.

Why This Role Matters

This role is critical to advancing American Express' data security capabilities through strong technical execution and focused team leadership. You will directly influence how sensitive data is protected across the enterprise while helping build scalable, modern, and AI-enabled data security solutions.

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

As part of Team Amex, you'll experience our powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

• 8+ years of experience in cybersecurity, data security, or data engineering with strong focus on data discovery, classification, or DSPM

• Experience leading or mentoring engineers in a technical environment, while remaining hands-on

• Strong expertise in:

• Modern data architectures (data lakes, warehouses, distributed systems)

• Structured and unstructured data ecosystems

• Data classification methodologies and regulatory frameworks (PCI, PII)

• Demonstrated experience designing and implementing enterprise-scale integrations, including:

• Data catalog platforms

• ITAM / CMDB systems

• SIEM / SOAR or security analytics platforms

• Strong technical skills in:

• APIs and integration patterns (REST, event-driven architectures)

• Programming/scripting (Python preferred)

• Cloud platforms (AWS, Azure, or GCP)

• Demonstrated experience leveraging AI-assisted tools or platform-native intelligence to improve engineering efficiency and enhance data discovery/classification outcomes

• Ability to apply data-driven and AI/ML-assisted approaches to improve detection accuracy, reduce false positives, and scale operations

Preferred Qualifications

• Experience working with enterprise data security, DSPM, or classification solutions
• Experience contributing to platform transformations or large-scale security initiatives
• Familiarity with data governance and metadata management ecosystems
• Experience in financial services or other highly regulated environments
• Exposure to DevSecOps, infrastructure-as-code, and automation practices
• Experience working with or tuning ML/NLP-based classification capabilities
• Exposure to securing AI/ML or GenAI-driven data environments

Leadership & Mindset Expectations

• Hands-on technical leader with a strong builder mindset
• Ability to balance individual contribution with team guidance
• Systems thinker focused on integration, data flows, and scalability
• Practical and outcome-oriented in leveraging automation and AI
• Comfortable operating in complex, evolving environments

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions

Team Leadership & Execution

• Lead and support a small team of data security engineers focused on DSPM and data classification capabilities
• Provide technical guidance, remove blockers, and ensure consistent delivery of high-quality engineering outcomes
• Contribute to prioritization and execution while maintaining strong alignment with broader program objectives
• Promote a culture of ownership, accountability, and continuous improvement

Technical Leadership & Architecture Oversight

• Own the design and evolution of data discovery, classification, and DSPM capabilities across multi-cloud and on-prem environments
• Define scalable architecture patterns for onboarding, classification, and integration across diverse data environments
• Provide hands-on technical guidance and participate directly in complex engineering efforts

Hands-On Engineering & Platform Enablement

• Actively contribute to implementation, configuration, and optimization of data security capabilities
• Lead complex or high-impact initiatives requiring deep technical expertise
• Ensure scalability, performance, and reliability across the environment

Integration & Enterprise Data Flow Strategy

• Drive integration of data discovery, classification, and DSPM capabilities with enterprise systems, including:

• Data catalog platforms

• ITAM / CMDB systems

• SIEM / SOAR and security analytics platforms

• Guide development of API-driven and event-based architectures to enable consistent and timely propagation of classification and risk signals

Data Discovery, Classification & Emerging Environments

• Oversee implementation and refinement of classification strategies for sensitive data (PCI, PII, financial, regulated data)
• Improve detection logic, classification accuracy, and signal quality
• Expand discovery and classification capabilities into next-generation data creation environments, including:
• LLM-driven workflows and prompt/response data flows
• AI/ML pipelines and training datasets
• Emerging platforms such as MCP servers and AI orchestration layers

Automation, Scale & AI-Augmented Operations

• Drive adoption of automation frameworks for:

• Data onboarding and scanning

• Classification workflows

• Risk detection and remediation

• Leverage AI-assisted automation and platform-native intelligence to:

• Improve efficiency and reduce manual effort

• Increase consistency and scalability of controls

• Identify opportunities to apply AI-driven techniques to improve operational performance and detection quality

Cross-Functional Partnership

• Partner with data engineering, platform, governance, and security teams to embed data security into enterprise workflows
• Collaborate with product, risk, and compliance stakeholders to align capabilities with business and regulatory needs
• Support resolution of complex technical and operational issues

Team Leadership & Execution

• Lead and support a small team of data security engineers focused on DSPM and data classification capabilities
• Provide technical guidance, remove blockers, and ensure consistent delivery of high-quality engineering outcomes
• Contribute to prioritization and execution while maintaining strong alignment with broader program objectives
• Promote a culture of ownership, accountability, and continuous improvement

Technical Leadership & Architecture Oversight

• Own the design and evolution of data discovery, classification, and DSPM capabilities across multi-cloud and on-prem environments
• Define scalable architecture patterns for onboarding, classification, and integration across diverse data environments
• Provide hands-on technical guidance and participate directly in complex engineering efforts

Hands-On Engineering & Platform Enablement

• Actively contribute to implementation, configuration, and optimization of data security capabilities
• Lead complex or high-impact initiatives requiring deep technical expertise
• Ensure scalability, performance, and reliability across the environment

Integration & Enterprise Data Flow Strategy

• Drive integration of data discovery, classification, and DSPM capabilities with enterprise systems, including:

• Data catalog platforms

• ITAM / CMDB systems

• SIEM / SOAR and security analytics platforms

• Guide development of API-driven and event-based architectures to enable consistent and timely propagation of classification and risk signals

Data Discovery, Classification & Emerging Environments

• Oversee implementation and refinement of classification strategies for sensitive data (PCI, PII, financial, regulated data)
• Improve detection logic, classification accuracy, and signal quality
• Expand discovery and classification capabilities into next-generation data creation environments, including:
• LLM-driven workflows and prompt/response data flows
• AI/ML pipelines and training datasets
• Emerging platforms such as MCP servers and AI orchestration layers

Automation, Scale & AI-Augmented Operations

• Drive adoption of automation frameworks for:

• Data onboarding and scanning

• Classification workflows

• Risk detection and remediation

• Leverage AI-assisted automation and platform-native intelligence to:

• Improve efficiency and reduce manual effort

• Increase consistency and scalability of controls

• Identify opportunities to apply AI-driven techniques to improve operational performance and detection quality

Cross-Functional Partnership

• Partner with data engineering, platform, governance, and security teams to embed data security into enterprise workflows
• Collaborate with product, risk, and compliance stakeholders to align capabilities with business and regulatory needs
• Support resolution of complex technical and operational issues