Job Description

You won’t just see the problem coming, you’ll see the solution.

New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing: 

Providing guidance on information security processes, controls, and compliance, and information security risk management to team members
Encouraging employee contribution, such as feedback, career development planning, and goal setting.
Developing plans and strategies for information security tools, processes, and programs
Responding to changes in the regulatory environment and assisting other organizations in doing the same.
Making strategic recommendations to enhance information security, including processes, procedures, governance approaches, and compliance.

Job Description

Responsible for assisting with activities within the Global Infrastructure (GI) Risk Management program to systematically handle audit and compliance requests, in alignment with the expectations and requirements of the internal audit, risk oversight teams, our regulators and banking regulations. Responsible for risk investigations, intelligence, assurance, and awareness, for technology risk standards and handling IT controls and compliance with regulatory guidance.

Collaborates with multiple partners including all GI customers, Technology Risk and Information Security, Operational Risk, Internal Audit Group, Second line oversight and external auditors and regulators. Proactively monitoring current capabilities and instituting industry best practices. Works individually and with teams on both structured and unstructured assignments.

Key Responsibilities:

Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes
Assists in developing, implementing, and monitoring compliance to American Express and Information security policies, standards and procedures, and other policies and standards as appropriate
Prepares materials (reports, presentations, spreadsheets, etc) on information security to help develop scenarios, response procedures, and to enable informed decision-making; verify completeness, accuracy and relevance of data captured
Maintains records to allow for historical trending analysis
Identifies current and desired further state IT control capabilities incorporating industry leading technology and practices that enhance American Express’ ability to manage technology risk
Partner closely with GI product and process owners to ensure controls also enable the business and technology
Work across GI to ensure timely response to all risk & compliance requests (e.g, state, federal, internal, external, etc.)
Maintain meaningful and actionable critical metrics, metrics and reporting related to governance, risk and controls
Partner with vendors and strategic partners to garner external industry standard methodologies
Adapts plans and programs to changes in the regulatory environment and threatscape

Relevant knowledge and background in information security and technology controls, compliance and/or regulatory experience
Infrastructure Technology background/experience
Knowledge and/or training in IT control frameworks, federal and international regulations including but not limited to FFIEC, NIST, OFAC, SOX, PCI, ISO, etc.
Collaborative approach to solving business problems
Background in ITSM/ITIL/COBIT/ISO processes preferred
Self-motivated individual with the ability to combine outstanding problem-resolution and critical thinking skills with an ability to apply a business and risk lens
Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change
Practical experience in doing both written and verbal communication effectively to multiple levels within the organization
Demonstrable ability to take complex technical information and translate it into clear communications (presentations/memos) for a variety of audiences
Analyzes complex information and identifies the most meaningful details 
Shows personal determination and resilience; is optimistic in changing circumstances
Continually seeks and learns from feedback
Is clear when explaining ideas and concepts to others - communication is structured, compelling, and impactful, and builds a credible impression
Involves the right people to ensure the best decisions are made in a timely manner
Challenges the status quo and questions current approaches where appropriate
Continually looks for contingency options and dedicatedly adapts plans and priorities
Takes the initiative to craft transparency when changing circumstances cause ambiguity
Translates and interprets American Express business strategies to clarify direction for self and/or team and to gauge impact on current plans