Director - Information Security Risk

At American Express, our culture is built on a 175-year history of innovation, shared and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

Global Risk, & Compliance (GRC) group is the independent risk management (Second Line) organization within American Express and is headed by the Chief Risk Officer (CRO). GRC provides oversight as well as governance of risks and ensure the company operates in a safe and sound manner within global regulatory expectations.

The Information Security Risk Director is a leadership position within GRC’s Cybersecurity, Technology, and Resiliency Risk Oversight (CTRRO) team. The Director will lead a team of colleagues who execute independent risk management activities for assigned cybersecurity processes as well as lead CTRRO’s data and automation capabilities. The role reports into the Vice President of CTRRO, who reports into the Head of CTRRO and Vendor Risk Oversight, who reports into the EVP of Enterprise Risk Management.

Responsibilities

• Lead and nurture a global team of four to six direct reports and maintain performance management for assigned colleagues
• Lead execution of risk assessments, monitoring, and reporting over assigned cybersecurity processes, such as vulnerability management
• Identify and apply thought leadership, best practices, and emerging trends
• Lead gap assessments per laws, regulations, and regulatory guidance as well as industry frameworks and company policies
• Demonstrate high level of curiosity to learn and willingness to present an effective credible challenge
• Identify issues for control failures or gaps and execute issue management until closure
• Develop strong working relationships with all levels of the organization, handle and resolve conflict, to achieve results and enact wide-scale impact across the organization.
• Lead CTRRO's data strategy, including analysis and creation risk metrics (KRIs / KPIs), direction of enhancement of the team's GRC modules and capabilities, query cyber data warehouses, and building risk dashboards and reporting.

Qualifications

Salary Range : $170,000.00 to $255,000.00 annually + bonus + equity (if applicable) + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally :