Information Security Analyst - Technology Control Management Governance

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other.

Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact every colleague has the opportunity to share in the company’s success.

Together, we’ll win as a team, striving to uphold our and powerful backing promise to provide the world’s best customer experience every day.

And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives.

Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems.

American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source.

And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development.

Find your place in technology on #TeamAmex.

The objective of the Technology Control Management Governance team is to establish the Operational Risk and Controls strategy for Technology, set up a foundational governance structure that ensures operational risks are identified, assessed, and managed in compliance with enterprise Operational Risk Management programs and reporting.

Technology Control Management is looking for an Analyst of Governance focused on ensuring control management is embedded in the day-to-day operations of our organization.

It will involve extensive collaboration with multiple partners across numerous business units, functional areas, and geographies.

The Analyst, Technology Governance will :

• Support execution plans for operational risk management within the business unit (BU), including BU specific guidelines, project plans, etc.
• Track issues with KRI limits and risk appetite for Technology to ensure operational risks are
• managed within agreed thresholds, and leverage these metrics to help detect significant or concerning rises in emerging problems, e.

g., upticks in reload complaints, then escalate and flag concerns accordingly

• Implement the operational risk framework to enable effective risk management and decision making in the BU
• Manage risk and controls governance forums for Technology, interfacing with org-wide governance processes and committees (e.

g., Operational Risk Management Committee) and share insights and lessons learned across forums

Help create BU-specific procedures and additional standards (i.e., escalation protocols), related to the execution of the Operational Risk Management programs

Facilitate the understanding and use of the risk governance framework across BUs through regular communication

Support the day-to-day internal and external exam management process, working with the Enterprise functions (e.g., data request compilation, action implementation, and regulatory adherence)

Aggregate reporting, approvals / exceptions and support "change-the-function" activities for the BU

Administer implementation of comprehensive training initiatives and clear career progression plans that align with Operational Risk Management

Manage processes to ensure and monitor the integration of regulatory changes & updates into the Operational Risk framework and training materials

Support sharing insights, better practices, themes, etc. across the enterprise

Qualifications :

• Bachelor's Degree in Risk Mgmt, Information Security, Business, or related field; advanced degrees (e.g., MBA, MSc) or certifications are advantageous
• 5 years of relevant experience preferred
• Experience in operational risk management (e.g., within Risk and / or Internal Audit function) and understands critical operational risk management lifecycle activities
• Experience in at least one of the following in a supporting role : Translating operational risk strategy and appetite into execution guidelines;
• Tracking and identifying issues with Key Risk Indicator (KRI) limits and risk appetite to ensure operational risks are managed within agreed thresholds;
• Implementing the operational risk governance frameworks; Creating, communicating and ensuring understanding and adherence to operational risk procedures and standards;

Supporting the operational risk exam management processes

• Strong analytical and problem-solving skills, with an ability to analyze data, identify trends, and evaluate risk scenarios effectively
• Experience in data analytics
• Agile best practices understanding
• Understanding of NIST, ISO, PCI, etc.
• Excellent qualitative analytical skills
• Project management skills

Excellent communication and interpersonal skills, with an ability to interact senior BU / tech counterparts

• Experience in process governance, establishing and overseeing robust decision-making processes that align with policies, regulatory frameworks, and / or operational standards
• CISA, CRISC, or CISM preferred

ORMCM

Salary Range : $85,000.00 to $150,000.00 annually + bonus + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include :

• Competitive base salaries
• Bonus incentives
• 6% Company Match on retirement savings plan
• Free financial coaching and financial well-being support
• Comprehensive medical, dental, vision, life insurance, and disability benefits
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• 20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities
30+ days ago