**Description** At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. **How will you make an impact in this role?** Responsible for architecting and engineering data access security controls that manage, monitor, measure, and report the data access security posture of the organization’s data estate. Specifically, this role will focus on controlling access to semi-structured and unstructured data hosted on distributed servers, cloud, storage, file systems, file shares and collaboration repositories. Data access controls will cover person and non-person identities and their access, including but not limited to users, applications, APIs, and GenAI. **Organizational Context:** Reports to the Director of Data Access Management. The Data Access Management team architects, engineers and operates data access controls for structured, semi-structured and unstructured data hosted on the mainframe, distributed servers, cloud, storage, file systems, file shares and collaboration repositories like SharePoint, Confluence, Slack, OneDrive, GitHub etc. Works across Technology Risk and Information Security, Privacy, Enterprise Data Governance, hosting platform teams to meet business, security, risk, and compliance objectives for a Category 2 bank. The Data Access Management team functions in support of the broader Data Security Posture Management program. **Key Responsibilities:** + Automate discovery and remediation of excess permissions in M365 and other unstructured data platforms. + Develop custom scripts and automation workflows for deprovisioning access based on leavers or transfer events, and usage inactivity. + Design access control policies using Azure AD, Conditional Access, and Microsoft Entra. + Implement access lifecycle management, and access review controls. + Monitor and remediate over-permissioned users and risky sharing behaviors. + Collaborate with risk and control management teams to align AvePoint policies with regulatory standards (e.g., FFIEC, FRB, NIST, GDPR). + Author, publish and operate access controls for unstructured data access. + Conduct regular assessments of user permissions, external sharing, and privileged access. + Review and implement security configurations across Exchange Online, SharePoint, OneDrive, and other unstructured data platforms. **Technical skills:** + In-depth experience with Access permission configuration and security review of platforms like Confluence, SharePoint, OneDrive, Slack, GitHub Repositories + Identity and Access Management domain experience + PowerShell scripting, Power App, Power Automate for workflow automation in M365. + Experience with SAM - SharePoint Administration Management and DAG -Data Access Governance + Microsoft Purview use of data identification and classification in data access controls + Entra Conditional access policies. + Experience with backend Java + SQL Proficiency: Writing complex queries, joins, stored procedures, functions, and triggers. **Education & Experience:** + Bachelor’s degree in computer science, Information Security (or equivalent work experience) + 7 Years of relevant hands-on experience. **Preferred Certification(s):** + CISSP, CISM, or equivalent security certifications + AvePoint Certified Administrator (ACA) + Microsoft 365 Certified: Security Administrator Associate **High-performing Behaviors:** + Shares critical expertise and knowledge to support team + Uses breakthrough thinking to generate insights, alternatives, and opportunities to prevent attacks. + Analyzes complex information and identifies the most meaningful details. + Identifies several ways to do things differently that will continuously strengthen the security posture. + Takes initiative, handles problems, and acts on own initiative without being prompted. + Transparently leads through change, ambiguity and brings clarity. + Prepares well in advance to maximize resource and time **Game Changers:** + Communications + Teamwork + Continuous Improvement + Courage + Curiosity + Ingenuity + Tenacity **Role Core Competencies:** + Technical Acumen + Emerging Technologies + System/Platform Domain Knowledge + Identity and Access Management + Analytical Thinking + Regulatory Compliance + Industry and Company Knowledge ORMCM **Qualifications** We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: + Competitive base salaries + Bonus incentives + Support for financial-well-being and retirement + Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) + Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need + Generous paid parental leave policies (depending on your location) + Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) + Free and confidential counseling support through our Healthy Minds program + Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations. **Job:** Technology **Primary Location:** India-Karnataka-Bengaluru Urban **Schedule** Full-time **Tags** 1LOD_Data-Tech **Req ID:** 25013205