• Optimize Technology regulatory and exam management process maturity and monitor emerging developments to assess the impacts and relevance to American Express and stay ahead of new policies and regulations.
• Manage American Express regulatory engagements, internal compliance audits, and external assessments for Technology programs, processes, and procedures.
• Respond to audit and examination requirements from both internal auditors and external examiners.
• Understand and be able to develop, implement, and follow-through on the lifecycle components of an MRA.
• Collaborate with Internal Audit Group, and 2nd line of defense partners to align data for reporting.
• Track and report status of open findings, MAPs, MRAs for Technology across the three lines of business.
• Provide understanding of results, findings, action plans, etc. to include plan activities, actions of coordination, priorities, steps, process, and timeline for monitoring.
• Create and maintain an accurate flow of audit and exam information including schedules, results, and statuses.

Required Qualifications:

• 10-15 years of Information Security or Technology Risk Management leadership experience.
• Strong in risk management. Ability to link threats to risk tolerance and control effectiveness measurements.
• Strong writing skills: the ability to frame messages for specific audiences and communicate information about complex issues to stakeholders in a clear and easy to understand way.
• Experience developing and reporting on project metrics to provide for different levels of an organization.
• Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
• Demonstrable leadership and team-building skills, with a proven track record for successful delivery of projects, working cross-functionally with Technology and Security teams.
• Understanding of information security regulatory landscape.

​

Preferred Qualifications:

• Commensurate academic credentials (bachelor’s degree / master's degree preferred) and security certifications (risk and regulatory preferred).
• Experience working with Regulators and in complex regulated businesses.
• Broad understanding of information security disciplines with emphasis on vulnerability management, data protection, infrastructure security, application security, identity and access, incident management and data analytics.
• Experience as an auditor in 2nd, 3rd, or regulatory spaces.

• NA