Manager - Information Security

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you’ll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

Join Team Amex and let's lead the way together.

The Technical Risk Management (TRM) team, within the Global Risk and Compliance organization and led by the Chief Risk Officer, manage operational risks associated with Information & Cyber Security Risk, BusinessDisruption, TechnologyRisk, DataRisk, & AIRisk Management. The team also ensures that risk management activities are conducted in a manner compliant with regulatory requirements and expectations. The team aggregates and reports on key risk management and oversight activities to the relevant management and Board risk committees.

Functional Description :

This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the technology, cyber security and data risks.

Reporting to the Director for Technology Risk oversight, this position is responsible for independently assessing, reporting, and aggregating data risks (including data security, data architecture and data storage).The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure data risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements.

Essential Job Functions :

• Drive cross-functional collaboration with internal stakeholders responsible for data risk management to ensure proactive identification, measurement, management, monitoring, and reporting of data security risks.
• Provide effective oversight and credible challenge to the 1st line’s implementation of data-related controls within the Risk and Control Self-Assessment (RCSA) and review the design and operating effectiveness of controls linked to data security, availability, and architecture.
• Contribute to enterprise-wide initiatives focused on enhancing the data risk management framework, information security policies, & security standards. Support development of key risk indicators and key performance indicators that delivers meaningful insights into data security risks and control performance trends.
• Perform data-driven reviews focused on data risk (including data security, data architecture and data storage) and prepare risk review reports for senior stakeholders and governance bodies.
• Stay abreast of applicable regulations, guidelines, and industry standards, and drive continuous enhancement of oversight practices to ensure alignment with evolving regulatory expectations and leading practices.
• Conduct exploratory data analysis on large sets of structure data using industry standard tools (Ex : SQL, Python, Power BI, and Excel data models) to develop meaningful insights on cybersecurity and technology related data.
• Learn technology, cyber security, and business continuity management processes at American Express, demonstrating strong levels of curiosity and willingness, in order to present an effective credible challenge.
• Support the design of independent technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, operational risk event management, operational risk issue management.
• Help embed a strong risk-aware culture, encouraging proactive risk management behaviors within the organization.

Minimum Qualifications :

explain complex problems and ideas clearly and succinctly to senior

management.

relationship building skills and ability to influence partners with a firm

strategic view.

Preferred :

Salary Range : $110,000.00 to $190,000.00 annually + bonus + equity (if applicable) + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally :