Manager - Information Security - job 4 of 5

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you’ll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

Join Team Amex and let's lead the way together.

The Technical Risk Management (TRM) team, within the Global Risk and Compliance organization and led by the Chief Risk Officer, manage operational risks associated with Information & Cyber Security Risk, Business   Disruption, Technology   Risk, Data   Risk, & AI   Risk Management. The team also ensures that risk management activities are conducted in a manner compliant with regulatory requirements and expectations. The team aggregates and reports on key risk management and oversight activities to the relevant management and Board risk committees.

Functional Description:

This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the technology, cyber security and data risks.

Reporting to the Director for Technology Risk oversight, this position is responsible for independently assessing, reporting, and aggregating data risks (including data security, data architecture and data storage).  The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure data risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements.

Essential Job Functions:

• Drive cross-functional collaboration with internal stakeholders responsible for data risk management to ensure proactive identification, measurement, management, monitoring, and reporting of data security risks.
• Provide effective oversight and credible challenge to the 1st line’s implementation of data-related controls within the Risk and Control Self-Assessment (RCSA) and review the design and operating effectiveness of controls linked to data security, availability, and architecture.   
• Contribute to enterprise-wide initiatives focused on enhancing the data risk management framework, information security policies, & security standards. Support development of key risk indicators and key performance indicators that delivers meaningful insights into data security risks and control performance trends.
• Perform data-driven reviews focused on data risk (including data security, data architecture and data storage) and prepare risk review reports for senior stakeholders and governance bodies.
• Stay abreast of applicable regulations, guidelines, and industry standards, and drive continuous enhancement of oversight practices to ensure alignment with evolving regulatory expectations and leading practices.  
• Conduct exploratory data analysis on large sets of structure data using industry standard tools (Ex: SQL, Python, Power BI, and Excel data models) to develop meaningful insights on cybersecurity and technology related data.
• Learn technology, cyber security, and business continuity management processes at American Express, demonstrating strong levels of curiosity and willingness, in order to present an effective credible challenge.
• Support the design of independent technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, operational risk event management, operational risk issue management.
• Help embed a strong risk-aware culture, encouraging proactive risk management behaviors within the organization. 

Minimum Qualifications:

• Minimum five years of experience in data security & risk management within the banking/financial services industry including policy & procedure development, risk appetite, risk control self-assessment and testing, operational event & issue management.
• Proven ability to identify & assess risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data.
• Strong verbal and written communication skills with an ability to
  explain complex problems and ideas clearly and succinctly to senior
  management.
• Ability to work in a highly collaborative environment, excellent
  relationship building skills and ability to influence partners with a firm
  strategic view.
• Excellent analytical skills with high attention to detail and accuracy.
• Excellent critical thinking and problem-solving skills.
• Required self-starter who can work with minimal supervision.
• Willingness to challenge traditional thinking by actively engaging in constructive dialogue.

Preferred:

• Educational background: Bachelor’s in computer science or information systems.
• Working knowledge of one or more of the data mining tools and technologies (SQL, Python, Power BI, Excel data models, pivot tables & DAX queries, R)
• Experience in risk management frameworks and standards across cyber security, data risk, information technology, 3rd party, business continuity management.
• Industry certifications (e.g., CISSP, CISM, CISA, CRISC, CompTIA Security+)
• Understanding of risk assessment methodologies, frameworks, and industry standards (e.g., COSO, COBIT, ISO 27001, FAIR or NIST RMF).
• Knowledge of relevant policies & regulations (e.g., OCC Heightened Standards, FFIEC IT booklets).
• Experience with Governance, Risk and Compliance tools (Ex: Archer).

Salary Range: $110,000.00 to $190,000.00 annually + bonus + equity (if applicable) + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries 
• Bonus incentives 
• 6% Company Match on retirement savings plan 
• Free financial coaching and financial well-being support 
• Comprehensive medical, dental, vision, life insurance, and disability benefits 
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
• 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy 
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
• Free and confidential counseling support through our Healthy Minds program 
• Career development and training opportunities

For a full list of Team Amex benefits, visit our Colleague Benefits Site.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. American Express will consider for employment all qualified applicants, including those with arrest or conviction records, in accordance with the requirements of applicable state and local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance for Employers, and the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. For positions covered by federal and/or state banking regulations, American Express will comply with such regulations as it relates to the consideration of applicants with criminal convictions.

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

*Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

US Job Seekers - Click to view the “Know Your Rights” poster. If the link does not work, you may access the poster by copying and pasting the following URL in a new browser window: https://www.eeoc.gov/poster