You Lead the Way. We’ve Got Your Back.
With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.
At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.
Join Team Amex and let's lead the way together.
The Director of Risk ID, Assessment, and Testing will be responsible for identifying, testing, and owning the development and delivery of Information Technology and Information Security controls to preserve the confidentiality, integrity, and availability of data across the enterprise. This role will partner with second line and other technology leaders to drive improvements to the technology control environment ensuring that the Business Unit is following the PRSA Framework, and the policies/guidance issued by other relevant Governance groups. The function is also responsible for conducting risk assessments across processes and systems as part of enterprise programs such as PRSA and will partner with all lines of business on control types, creation, and relevancy ensuring risk mitigation.
Responsibilities:
Lead the Technology Process Risk Self-Assessment (PRSA) program. This includes setting technology guidelines, procedures, training, tooling, and enforcement of the proper design and implementation of controls
Enhance the control environment at American Express through close partnership with Operational Risk Governance Group, Fortify the Controls Environment (FCE), Compliance, Issue Management and other Technology Risk leaders
Identify risk throughout business processes and systems
Develop and recommend risk mitigation strategies to address identified risks
Perform ongoing tracking, progress monitoring, escalation, and governance of identified issues on a periodic basis
Identify and proactively flag areas of high risk for intervention (e.g. automated alerts for near-threshold breaches)
Influence partners to achieve targeted levels of information security, project oversight, controls, and compliance
Provide guidance on information security processes, controls, and compliance, and information security risk management to key stakeholders
Partner with the Tech Risk & Info Sec Business Leadership Team to develop, implement, monitor and report on appropriate control ratings and compliance ratings
Ensure appropriate control ratings and compliance outcomes are achieved
Provide guidance on information security processes, encryption, IT General Controls, compliance, and information security risk management to team members and internal clients
Partner with the Operational Excellence Operational Risk Events (ORE) and Customer Action Plans (CAP) to link events/CAPs to appropriate Process Risk Self-Assessment (PRSA)
Partner with ORGG to develop, implement, and automate adequate IT General Controls and Information Security Data Protection controls within the Archer system of record for risks and controls.
Required Qualifications:
8+ years of relevant professional work experience in Operational Risk Management with experience in Information Security and Technology Risk Management
Deep knowledge of compliance, risk management and internal IT control frameworks
Broad understanding of information security disciplines with emphasis on vulnerability management, data protection, identity and access, incident management, risk management, and data analytics
Understanding of the regulatory landscape, with the ability to link threats to risk tolerance and control efficiency measures
Proven ability in extending and maintaining strong relationships in a complex multi-national corporation
Knowledge/experience with GRC tools (preferably Archer) inclusive of reporting.
Ability to conceptualize complex control relationships and develop rigor in control development, design and testing practices
Ability to translate technical cyber security concepts to non-technical business leaders and influence in a matrix environment
Calm and decisive under pressure with strong operational leadership in stressful situations
Ability to prioritize actions for the benefit of the organization to remain focused on most critical issues
Initiative and energy to go beyond minimum requirements of effort and activity; a bias for action and for getting things done
Strong problem solver with the ability to use analytical methods to effect change
Educational Requirements:
Bachelor's degree in information assurance, accounting, computer science or related field. Master's degree preferred.
CPA, CISM, CISA, CRISC, or CISSP or equivalent certification
We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:
Competitive base salaries
Bonus incentives
Support for financial well-being and retirement
Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
Generous paid parental leave policies (depending on your location)
Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
Free and confidential counseling support through our Healthy Minds program
Career development and training opportunities
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.