Director, Technology Audit

Get Referred

Job Description

American Express is currently recruiting for IT Audit Director role within the Technology (Cybersecurity & IT Process) Audit portfolio. This audit portfolio covers technically sophisticated and highly automated processes within Information Security, Infrastructure, and IT Processes (including Identity & Access Management, Application Development, Change & Release Management, Incident & Problem Management, and IT Asset & Configuration Management).
The IT Audit Director will lead the planning, execution, and issue resolution processes of technically complex audits, which includes obtaining detailed process understanding, identifying/confirming risks and controls, designing/executing tests of design and operating effectiveness, and evaluating results and potential issues. In addition, the IT Audit Director will execute ongoing business monitoring testing, assist with internal training & development programs and validate internal audit and regulatory identified action plans from management. This role will have the opportunity to communicate regularly with leaders throughout the American Express Technology organization.
The IT Audit Director will help oversee risk assessment, audit planning, execution and reporting processes, as well as assist in annual planning, maintaining cyber coverage strategy, mapping regulatory compliance requirements, defining portfolio specific execution protocols, and overseeing ongoing business monitoring. This role will also have an opportunity to help lead a training and development program we are building in-house to give our technology and non-technology auditors more knowledge and “hands on the keyboard experience” with key information security related concepts. This role will have the opportunity to communicate regularly with leaders of the first line American Express Information Security and Global Infrastructure organizations, the second line Information Technology/Information Security oversight organization, as well as regulators. 


  • 8-10+ years relevant IT audit, IT consulting, and/or hands on IT/cybersecurity experience in a Big 4 or financial services environment required
  • Experience and/or strong acumen to quickly grasp highly technical risks, concepts, and processes related to a complex information security and technology environment is required. Subject matter experience includes: threat & vulnerability management, IT asset & configuration management, network, server and endpoint security, encryption and data protection, enterprise resilience, cloud computing, DevOps, and third party security risk management.
  • Certified Information Systems Auditor (CISA) or relevant advanced industry certification required
  • One or more relevant advanced industry certification(s) desired (e.g., CISSP, CISA, CEH) strongly preferred
  • Experience in interacting directly with regulators is strongly preferred
  • Knowledge of relevant regulations and frameworks; including COSO, COBIT, PCI, NIST, ITIL, Cloud Control Framework, FFIEC, GLBA 501(b) desired
  • Bachelors degree required

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.


ReqID: 19015721
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Oct 3, 2019, 5:22:28 PM