Why American Express?
There’s a difference between having a job and making a difference.
American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it.
Information Technology Risk Assessments protect enterprise value by providing timely and reliable technology risk assessments to influence critical business and technology decisions. Our mission is to; develop and apply a more focused IT Risk lens across multiple functions and business units throughout American Express, enabling the enterprise to proactively identify and respond to technology risks.
Key responsibilities include:
- Perform technical IT risk assessments and control effectiveness assessments using a combination of available metrics and expert interviews
- Help build project management rigor by creating work delivery cadences across team initiatives, manage stakeholder communications, work output tracking, and documentation management.
- Provide guidance on information technology processes, controls, and compliance, and information technology risk management to team members
- Work with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on information technology controls and information technology risk management.
- Ensure various compliance requirements (SOX, BASEL, GLBA, etc) are met through implementation of controls
- Participates in the development of strategies for information technology processes and programs
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk
- Provide ongoing awareness and education of industry efforts and statistics relevant to information technology
- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, technology strategic directions and compliance objectives
- Provides consultation to internal business partners, customers and vendors in assessing information technology risks and mitigating controls to ensure system availability and processing integrity.
Required Work Experience, Education, Certification / Training:
- Bachelor’s degree in information systems, computer science or other related field preferred
- Hands on experience conducting IT risk assessments with risk frameworks (i.e., Open FAIR, NIST)
- Experience with programming/scripting and CI/CD is a plus
- Professional certifications a plus (CRISC, CISA, CISM or equivalent)
- At least 5 years of work experience in information technology
- Technical background with hands-on experience across a variety of technologies
- Proficiency in risk management and audit (risk policies, procedures and controls)
- Experience in automation and data analytics to enable process improvement preferred.
- Demonstrated ability to effectively engage, lead, educate, influence and collaborate across the enterprise to drive results.
- Thorough knowledge understanding of risk and control frameworks e.g. NIST, COBIT, PCI DSS
Required Knowledge, Skills and Abilities:
- Expertise in key information technology domains including: change management, incident and problem management, event management, SDLC and application development, service continuity/availability.
- Strong knowledge and experience in technology risk assessment and relevant methodologies including quantitative risk management techniques
- Knowledge of applicable information technology standards and regulatory requirements
- Excellent written and oral communication skills
- Highly self-motivated and directed
- Keen attention to detail
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.