Why American Express?
There's a difference between having a job and making a difference.
American Express has been making a difference in people's lives for over 160 years,
backing them in moments big and small, granting access, tools, and resources to take
on their biggest challenges and reap the greatest rewards.
We've also made a difference in the lives of our people, providing a culture of learning
and collaboration, and helping them with what they need to succeed and thrive. We
have their backs as they grow their skills, conquer new challenges, or even take time to
spend with their family or community. And when they're ready to take on a new career
path, we're right there with them, giving them the guidance and momentum into the
best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don't make a difference without it.
Don't live life without it.
Information Technology Risk Assessments protect enterprise value by providing timely and reliable technology risk assessments to influence critical business and technology decisions. Our mission is to regularly and accurately measure, catalog, and communicate technology risk. Team functions include Information Security Assessments for New Product Approvals, Application Design Reviews, Technology Control Assessments, Entity Self Risk Assessments and Cyber Threat Risk Assessments.
Key responsibilities include:
* Assist with activities designed to systematically assess information security control performance against external regulations and control frameworks
* Evaluate the design effectiveness and operating effectiveness of existing documented technology controls
* Prepare materials to communicate risk such as PowerPoint presentations, reports, and scorecards
* Work with technology and business partners across various functions to build a strong understanding of how technology and security controls are implemented to adequately determine the control's ability to reduce likelihood and impact of a risk event
* Assist in developing, implementing, and monitoring compliance with AXP and information security policies, standards and procedures, and documented controls
* Perform risk assessments on various scenarios, including requests for exceptions to IS/IT standards, requests to bypass specific controls, and specific risk scenarios
* Prepare status reports on information security assessments, or other matters to help develop, track, monitor and report on projects and initiatives
* Perform mapping exercises and gap analysis of control and risk frameworks
* Provide analytical support as needed for assessments, reporting, and special technology risk and information security projects
* Contribute to the implementation of an IT controls catalog by helping frame controls in the context of American Express standards and external frameworks
Required Work Experience, Education, Certification / Training:
* Bachelor's degree preferred (or equivalent work experience)
* Professional certifications preferred (CISSP, CRISC, CISA, PCI, CISM)
* Up to 4 years of relevant work experience
* Proficiency in information security, communications, risk management and audit (risk/security policies, procedures and controls)
* Knowledge of IT processes and controls and a deep understanding of risk and control frameworks (e.g., NIST, ISO, COBIT)
Required Knowledge, Skills and Abilities:
* Strong work prioritization, planning, and interpersonal skills
* Strong written communication skills and proficiency in visual design and document publishing with a keen attention to detail and polish
* Industry and company knowledge
* Highly self-motivated and directed
* Ability to prioritize and execute tasks in a high-pressure environment
* Experience working in a team-oriented, collaborative environment
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
About American Express
American Express is a globally integrated payments company.