It’s more than protecting information, it’s protecting people. Information Security Analysts know security is a top priority for our business, our partners, and customers. As cyber-attacks increase and compliance is rigorously enforced, they strive to stay ahead of what’s next to protect our brand and future. The IT Risk and Controls Team has the responsibility of working across both information security and technology groups to identify risks and assist with control development and metrics determination to enable continuous control monitoring. The team also provides end-to-end resolution, oversight and governance for all Operational Risk Events (ORE) and Corrective Action Plans (CAP) including strengthening the control environment while enabling growth and ensuring flawless customer experiences. You won’t just see the problem, you’ll drive the solution On a daily basis you will be asked to:
- Assist event managers with the performance of hands-on issue resolution management, guidance, and monitoring of various Capabilities to ensure ORE and Corrective Action guidelines and milestones are met timely, and align with governance and compliance mandates
- Work with stakeholders within information technology and information security to identify risks and assist with control implementation recommendations.
- Support Technology partners to ensure that effective Issue resolution (via Loss Event and Corrective Action management) is implemented
- Build and maintain excellent relationships across Technology and Business Unit Operational Excellence teams
- Ensure deliverables and milestones satisfy objectives and the expectations of a variety of stakeholders, including the CIO, CISO and other senior leaders within Technology and other internal and external stakeholders
- Partner with key technology leads to implement process improvements and controls across AET
- Assist with design assessments on current technology controls to identify potential improvement opportunities
- Assist with the performance of thematic root-cause analysis on recurring technology caused events to identify unmitigated risks and areas for control enhancements
- Lead process redesign efforts to ensure thorough and timely documentation and analysis of OREs and CAPS which includes the identification of relevant risks and implementation of mitigating controls
Do you have what it takes to lead the way in cyber security?
- Bachelor’s or Master’s Degree in related field preferred.
- CISA, CISM, or CRISC preferred.
- 3-5 years of financial services and/or issue management/remediation experience required, 5+ years preferred.
- Experience with development and/or assessment of technology controls required.
- Requires understanding of compliance, risk management and internal IT control frameworks
- Experience with the development and/or assessment of IT General Controls
- Experience in assessing technology risks and responding through development of controls
- Experience working with audit, compliance, operational risk, regulatory, and/or control functions
- Ability to synthesize large amounts of data into short key messages and identify and analyze related trends
- Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change
- Strong interpersonal and collaboration skills / ability to develop relationships with peers in business unit and central operational risk management group
Why American Express Talk to our people and you’ll find out what we’re really all about. Inclusive, creative, thorough, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.