Director Tech Control Management Risk Advisor

At American Express our culture is built on a 175year history of innovation shared values and leadership behaviors and an unwavering commitment to back our customers communities and colleagues. As part of Team Amex youll experience this powerful backing with comprehensive support for your holistic wellbeing and many opportunities to learn new skills develop as a leader and grow your career.
Here your voice and ideas matter your work makes an impact and together you will help us decide the future of American Express.

The Technology & Operational Risk Advisor will help ensure safe and sound banking & business operations by creating embedded partnerships focused on reducing technology and operational risk and advancing Technology Risk and Information Security objectives as needed to protect and secure the Companys valuable information by ensuring the security and confidentiality of customer information protecting against any anticipated threats or hazards to the security or integrity of such information and protecting against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer

This role will have a significant positive impact on the overall Operational Technology and Information Security risk posture of American Express and its legal entities by leading riskreduction through clear and candid communication early engagement in new products and projects regulatory engagement information security and technology risk consultation.

How will you make an impact in this role

We are seeking an experienced and proactive leader to be responsible for technology risk operational risk and information security control enforcement as well as risk prioritization across Business Unit CIO groups the business and American Express legal entities.

Responsibilities:

• Build strong partnerships with key stakeholders with supporting business unit and technology control ownership domains to connect business and tech partners with the right Technology Risk & InfoSec SMEs
• Provide Technology Risk and Information Security technical consultation on new projects products applications strategy and other ventures to ensure appropriate security protection is delivered as part of any new solution
• Assist with other Technology Risk related activities which arise based on the needs of the business unit or broader Technology Risk and Information Security organization
• Assist regulatory exam management related to Technology Risk and Information Security
• Assess the needs of the Business Unit to ensure sufficient understanding of Operational Risk Management and controls (e.g. annual knowledge assessments and refresher trainings)
• Lead riskreduction through clear and candid communication early engagement in new products and projects regulatory engagement information security and technology risk consultation.

Minimum Qualifications:

• 5 years experience in operational risk management (e.g. within Risk and/or Internal Audit function) with strong understanding of critical operational risk management lifecycle activities
• Excellent project management communication and interpersonal skills with an ability to interact and obtain buyin from senior BU/tech counterparts
• Expertise in process governance with a track record of establishing and overseeing robust decisionmaking processes that align with policies regulatory frameworks and/or operational standards
• Experience within financial services industry
• Strong analytical and problemsolving skills with an ability to analyze data identify trends and evaluate risk scenarios effectively
• Experience in Information Security Risk and Technology Audit.
• Relevant Experience and Skills:
  • Information Security Operational Risk or Technology Risk Management leadership experience
  • Experience working with Regulators and in complex regulated businesses is an asset
  • Broad understanding of information security disciplines with emphasis on vulnerability management data protection infrastructure security application security identity and access incident management risk management and data analytics
  • Understanding of regulatory landscape while able to link threats to risk tolerance and control efficiency measures
  • Calm and decisive under pressure. Natural operational leadership in stressful situations.
  • Ability to prioritize actions for the benefit of the organization to remain focused on most critical issues.
  • Proactively communicate key OR trends activities and events to senior management to facilitate informed decisionmaking
  • Report thematic risk reporting (levels trends causes) to provide actionable insights to BU on current risk levels emerging trends and root causes
  • Initiative and energy to go beyond minimum requirements of effort and activity; a bias for action and for getting things done.
  • Experience in developing high performing talent.
  • Proven ability in extending and maintaining strong relationships in a complex multinational corporation. Ability to translate technical cyber security concepts to nontechnical business leaders.
  • Strong problem solver with the ability to use analytical methods to affect change.
  • Effective organizational skills (including attention to detail) along with the ability to collaborate and influence in a matrix environment.

Preferred Qualifications:

• Bachelors Degree in Information Technology Computer Science or Cybersecurity or related field; advanced degrees (e.g. MBA MSc) or certifications are advantageous
• Experience in at least one of the following:
• Providing identification of operational risks throughout business processes and systems
• Facilitating risk assessment performance in addition to further assessments and testing programs to ensure regulatory and internal standards are met
• Enhancing risk assessments and associated methodologies
• Leading independent control monitoring including identification of control improvements
• Identifying areas of risk for intervention including conducting independent quality assurance and process testing
• Compiling thematic risk reporting to provide actionable insights on risk levels emerging trends and root causes

We back our colleagues and their loved ones with benefits and programs that support their holistic wellbeing. That means we prioritize their physical financial and mental health through each stage of life. Benefits include:

• Competitive base salaries
• Bonus incentives
• Support for financialwellbeing and retirement
• Comprehensive medical dental vision life insurance and disability benefits (depending on location)
• Flexible working model with hybrid onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global onsite wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

Offer of employment with American Express is conditioned upon the successful completion of a background verification check subject to applicable laws and regulations.