Job Description

Job Description
You Lead the Way. Weve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether were supporting our customers financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining whats possible - and were proud to back each other every step of the way. When you join TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

Supports the development, implementation, and management of the Global Infrastructure (GI) Risk Management program to systematically handle audit and compliance requests, in alignment with the expectations and requirements of the internal audit, risk oversight teams, our regulators and banking regulations. Works individually and with teams on both structured and unstructured assignments. Responsible for risk investigations, intelligence, assurance, and awareness, for technology standards and handling IT controls and compliance with regulatory guidance.

Collaborates with multiple partners including all GI customers, Technology Risk and Information Security, Operational Risk, Internal Audit Group, Second line oversight and external auditors and regulators. Proactively monitoring current capabilities and instituting industry best practices. Works individually and with teams on both structured and unstructured assignments.

Key Responsibilities:

* Provides effective leadership, analysis skills, and innovative thinking necessary to maintain and enhance the Risk Management and Governance program and framework to ensure full compliance with all banking laws, rules, regulations, and internal policies, procedures, and processes.
* Responsible for day to day coordination and maintenance of emerging risks and early warning indicators, limits and metrics at a granular level, and integrates all risks through identification of aggregation that includes development and oversight of an effective measurement process that captures and measures risk groups (including identification of concentrations by geography, counterparty, industry, correlations, etc.).
* Conducts risk and control assessments; provides qualitative and quantitative insight; regularly and promptly identifies changes in risk in the technology operating environment, in concentrations, and regularly maintains and updates risk and control assessments and exposure in addition to assisting in the evaluation exposure under various stressful scenarios.
* Keeps leadership informed of project/task status, manages work priorities, and proactively seeks solutions to challenging projects or situations.
* Ensures policies are updated to reflect changes in law or regulations, and recommends changes to policies, procedures and processes to minimize risk.
* Responds to inquiries or refers inquiries to the appropriate department or person, and exhibits the necessary follow through with customers and/or staff involved.
* Builds relationships with diverse groups and leads meetings to gather and document data and information in order to measure and improve the effectiveness of risk management and governance activities.
* Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes and requests
* Direct maintenance of internal documentation library, ensuring that process and other documentation is regularly updated to reflect the latest operational processes and requirements
* Assists in the development, implementation, and governance of processes and initiatives to ensure compliance, cost optimization, and efficiency.
* Assists in developing, implementing, and monitoring compliance to American Express and Information security policies, standards and procedures, and other policies and standards as appropriate
* Prepares materials (reports, presentations, spreadsheets, etc) on information security to help develop scenarios, response procedures, and to enable informed decision-making; verify completeness, accuracy and relevance of data captured
* Maintains records to allow for historical trending analysis
* Identifies current and desired further state IT control capabilities incorporating industry leading technology and practices that enhance American Express' ability to manage technology risk
* Partner closely with GI product and process owners to ensure controls also enable the business and technology
* Work across GI to ensure timely response to all risk & compliance requests (e.g, state, federal, internal, external, etc.)
* Maintain meaningful and actionable critical metrics, metrics and reporting related to governance, risk and controls
* Partner with vendors and strategic partners to garner external industry standard methodologies
* Adapts plans and programs to changes in the regulatory environment and threatscape

Minimum Qualifications

* Relevant knowledge and background in information security and technology controls, compliance and/or regulatory experience
* Infrastructure Technology background/experience (Cloud, IBM, TIMS, Disaster Recovery, Storage, Network, Database, etc.)
* Knowledge and/or training in IT control frameworks, federal and international regulations including but not limited to FFIEC, NIST, OFAC, SOX, PCI, ISO, etc.
* Collaborative approach to solving business problems
* Background in ITSM/ITIL/COBIT/ISO processes preferred
* Self-motivated individual with the ability to combine outstanding problem-resolution and critical thinking skills with an ability to apply a business and risk lens
* Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change
* Practical experience in doing both written and verbal communication effectively to multiple levels within the organization
* Demonstrable ability to take complex technical information and translate it into clear communications (presentations/memos) for a variety of audiences
* Analyzes complex information and identifies the most meaningful details
* Shows personal determination and resilience; is optimistic in changing circumstances
* Continually seeks and learns from feedback
* Is clear when explaining ideas and concepts to others - communication is structured, compelling, and impactful, and builds a credible impression
* Involves the right people to ensure the best decisions are made in a timely manner
* Challenges the status quo and questions current approaches where appropriate
* Continually looks for contingency options and dedicatedly adapts plans and priorities
* Takes the initiative to craft transparency when changing circumstances cause ambiguity
* Translates and interprets American Express business strategies to clarify direction for self and/or team and to gauge impact on current plans
* Preferred SharePoint development experience

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.