You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible — and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
Information Technology Risk Assessments protect enterprise value by providing timely and reliable technology risk assessments to influence critical business and technology decisions. Our mission is to regularly and accurately measure, catalog, and communicate technology risk. Team functions include Information Security Assessments for New Product Approvals, Application Design Reviews, Technology Control Assessments, Entity Self Risk Assessments and Cyber Threat Risk Assessments.
Key responsibilities include:
- Assist with activities designed to systematically assess information security control performance against external regulations and control frameworks
- Evaluate the design effectiveness and operating effectiveness of existing documented technology controls
- Prepare materials to communicate risk, such as PowerPoint presentations, reports, and scorecards
- Work with technology and business partners across various functions to build a strong understanding of how technology and security controls are implemented, in order to adequately determine each control’s ability to reduce the likelihood and impact of a risk event
- Assist in developing, implementing, and monitoring compliance with AXP and information security policies, standards and procedures, and documented controls
- Perform risk assessments on various scenarios, including requests for exceptions to IS/IT standards, requests to bypass specific controls, and specific risk scenarios
- Prepare status reports on information security assessments or other matters to help develop, track, monitor and report on projects and initiatives
- Perform mapping exercises and gap analysis of control and risk frameworks
- Provide analytical support as needed for assessments, reporting, and special technology risk and information security projects
- Contribute to the implementation of an IT controls catalog by helping frame controls in the context of American Express standards and external frameworks
Required Work Experience, Education, Certification / Training:
- Bachelor’s degree preferred (or equivalent work experience)
- Professional certifications preferred (CISSP, CRISC, CISA, PCI, CISM)
- Up to 4 years of relevant work experience
- Proficiency in information security, communications, risk management and audit (risk/security policies, procedures and controls)
- Knowledge of IT processes and controls and a deep understanding of risk and control frameworks (e.g., NIST, ISO, COBIT)
Required Knowledge, Skills and Abilities:
- Strong work prioritization, planning, and interpersonal skills
- Strong written communication skills and proficiency in visual design and document publishing with a keen attention to detail and polish
- Industry and company knowledge
- Highly self-motivated and directed
- Ability to prioritize and execute tasks in a high-pressure environment
- Experience working in a team-oriented, collaborative environment
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
An offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Apr 21, 2021, 10:52:46 AM