The position, which may be located in New York, Phoenix or Salt Lake City, is part of the Global Risk, Banking & Compliance organization and reports to the Director, Information Security and Information Technology Risk Oversight. Strong information security and information technology are key contributors to loyalty, trust and customer experience, and the American Express brand. Properly assessing, managing, and overseeing global information technology and information security risk is critical to the Company's business.
The successful candidate will have a background in information security and information technology, with expertise in writing technical documents, including creating PowerPoint presentations, writing succinct summaries of technical issues, and writing user stories and test cases. This position requires a demonstrated ability to manage projects and develop timelines for delivery.
This position is responsible for supporting program management activities for Information Security and Information Technology Risk Oversight. The role requires the individual to be strong analytically, a self-starter and willing to drive innovation in processes. Excellent written communication and project management skills are important. Interaction with, and the ability to influence, various constituencies is important, which requires strong teamwork and a desire to learn. A Risk Management background would be a plus.
- Assists in writing technical assessments as part of our second line oversight program.
- Prepares materials (reports, presentations, spreadsheets, etc.) on information security and information technology for the IS & IT Risk Oversight program.
- Supports interfaces with various internal and external constituencies (internal first line teams, Regulators, Audit, etc.) through creation of updates on information security and information technology oversight activities.
- Utilizes tools and documented processes to ensure consistency and optimization of information security and information technology processes; works in support of efforts to measure and improve the processes.
- Assists with industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps.
- Supports the independent risk assessment of the information security and information technology programs and provides effective challenge to the design and execution of technical and procedural controls.
- Prepares status reports on information security, or other matters to help develop, track, monitor and report on projects and initiatives.
- Consults on controls, processes, and procedures.
- Facilitates meetings to gather and document products/services or generic process changes.
- Maintains internal documentation, ensuring that process and other documentation is regularly updated to reflect latest operational processes and requirements.
- Supports the analysis of underlying trends and action plans associated with information security, information technology and other domains.
- Supports the development of information security and information technology metrics (e.g. KRIs and KPIs) to continuously monitor and oversee program level risks.
Qualifications
Education & Experience:
- Bachelor's Degree in related field preferred (or equivalent work experience)
- Minimum 3 years' experience working in a project management/business analyst role
- In-depth experience with desktop software and office automation tools (must be proficient in Microsoft products)
- Demonstrated knowledge and experience in security or technical concepts such as cyber-attacks and techniques, threat vectors, risk management, SDLC, incident management, etc.
- Risk assessment experience is preferred, particularly in a financial services or highly regulated environment
- Strong verbal and written communication skills and excellent relationship building skills
- Strong communication skills: clear when explaining ideas and concepts to others - communication is structured, compelling, and impactful, and creates a credible impression
- Translates and interprets AXP business strategies to clarify direction for self and/or team and to gauge impact on current plans
- Strong work prioritization, planning, and organizational skills
- Knowledge or awareness of information security, compliance, assurance, and/or other security best practices and principles is preferable.
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.