Director - Technology Risk and Control


At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.
As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.
The objective of the Tech Control Management Risk ID, Assessment, Testing and Reporting team is to identify, assess, mitigate, and report on Operational Risk within BU processes for Tech Control Management, to ensure adherence to regulatory standards and Amex policy, and to enhance the BU's resilience through managing a clear methodology of inherent and residual risk.
Tech Control Management is looking for a Director of Risk ID, Assessment, Testing & Reporting to lead a diverse team of high-performing professionals focused on ensuring control management is embedded in the day-to-day operations of our organization. It will involve extensive collaboration with multiple partners across numerous business units, functional areas, and geographies.
The Director, Tech Control Management Risk ID, Assessment, Testing & Reporting will:
Provide additional identification of risks throughout business processes and systems (along with business process owners)
Facilitate BUs in their risk assessments performance (e.g., Process Self Risk Assessments (PRSAs)) in addition to further assessments and testing / QA programs to ensure regulatory and internal standards are met (e.g., periodic PRSA reviews and update assessment criteria to align with regulatory updates)
Lead control monitoring (supplemental to BU process owners testing) and proactively communicate key OR trends, activities, and events to senior management, to facilitate informed decision-making
Proactively identify areas of high-risk for intervention (e.g., automated alerts generated for high-risk areas signal need for intervention and focus), including conducting independent quality assurance and vertical process testing
Compile thematic risk reporting (levels, trends, causes) to provide actionable insights to BU on current risk levels, emerging trends and root causes
Categorize controls and map against risks and processes (e.g., cross-BU process-control mapping)
Support BU with identification of risks and spotting areas where product changes or improved controls may be required within New Product Governance (NPG)
Champion risk management practices within the business
Develop risk dashboards and key risk indicators (KRIs) for ongoing monitoring
Develop risk profiles and maintain an updated risk register(s)
Be a key leader for sharing insights, better practices, themes, etc. across the enterprise
Required Qualifications:
10+ years of relevant experience in IT risk management, internal/external audit, SOX/ITGC testing, or controls assurance
Excellent project management, communication, and interpersonal skills, with an ability to interact and obtain buy-in from senior BU/tech counterparts
Expertise in process governance, with a track record of establishing and overseeing robust decision-making processes that align with policies, regulatory frameworks, and/or operational standards
Experience within financial services industry
Strong analytical and problem-solving skills, with an ability to analyze data, identify trends, and evaluate risk scenarios effectively
Demonstrated history and ability to manage large teams, spread over geographies and with varying backgrounds
Bachelor's Degree in IT, Finance, Business, Risk Mgmt., or related field; advanced degrees (e.g., MBA, MSc) or certifications are advantageous
Strong understanding of technology risk domains including access management, change management, system development lifecycle, infrastructure, and cloud technologies
Preferred Qualifications:
Experience in at least one of the following:
Providing identification of operational risks throughout business processes and systems
Facilitating risk assessment performance in addition to further assessments and testing programs to ensure regulatory and internal standards are met
Enhancing risk assessments and associated methodologies
Leading independent control monitoring, including identification of control improvements
Identifying areas of risk for intervention, including conducting independent quality assurance and process testing
Compiling thematic risk reporting to provide actionable insights on risk levels, emerging trends and root causes
CISA, CISSP, CRISC, or CISM Certified ORMCM
Salary Range: $170,000.00 to $255,000.00 annually + bonus + equity (if applicable) + benefits
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors.
We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
Competitive base salaries
Bonus incentives
6% Company Match on retirement savings plan
Free financial coaching and financial well-being support
Comprehensive medical, dental, vision, life insurance, and disability benefits
Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
20+ weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
Free and confidential counseling support through our Healthy Minds program
Career development and training opportunities
Location:
Phoenix
