Information Security Compliance Analyst

Responsibilities

• Design and implement phishing simulation campaigns, including threat trend analysis and automated reporting.
• Develop and manage a policy exception framework with standardized review and documentation processes.
• Build and deliver a tiered security awareness curriculum using engaging, multi-format materials.
• Maintain detailed audit trails to ensure compliance with NIST, ISO 27001, and PCI DSS frameworks.
• Manage exception currency and access removal to align with evolving organizational risk posture.

Requirements

• 3–5 years of experience in Information Security, specifically within GRC or Security Awareness.
• Proven experience designing and executing organizational phishing simulations and reporting.
• Experience developing security awareness curricula and role-based training content.
• Background in managing security policy exceptions and maintaining audit trails.
• Familiarity with NIST CSF, ISO 27001, PCI DSS, or SOC2.
• Experience with platforms such as KnowBe4, Proofpoint, or Adaptive Security.
• Proficiency with GRC workflow tools like Jira, ServiceNow, or Onspring.
• Bachelor's degree in Information Security, Information Systems, or a related field.

Preferred Qualifications

• Current CISSP or CISA certification.

Benefits

• Flexible benefits including health insurance, retirement programs, and parental leave.
• Travel perks featuring deals on flights, hotels, cruises, and car rentals.
• Access to over 20,000 courses on a dedicated learning platform.
• Inclusive culture with global INclusion Groups.

About the Company

Amex GBT is a global leader in travel management, where colleagues find inspiration in travel as a force for good. We offer an inclusive and collaborative culture designed to help our employees achieve success and make a meaningful impact on the industry.