This position is part of the Global Risk and Compliance Organization and reports to the lead VP for Information Security & Information Technology Oversight. Information security and information technology are key contributors to loyalty, customer experience, and the American Express brand. Properly assessing, managing, and overseeing information security and information technology risk is critical to the Company’s business. A successful candidate will bring deep technology and security subject matter expertise and be integrated into industry working groups and emerging technologies which impact cyber security. The position will require a strong team player who is comfortable interacting with other risk oversight functions, compliance, operational excellence, privacy, technology and many other partners throughout the enterprise.
A successful candidate will have demonstrated the ability to manage information security and technology risk, both strategically and tactically, and will understand the role of a strong governance framework and risk management program. The VP of Information Security and Technology Oversight will lead a small, experienced team of information security and technology risk oversight professionals who drive the technical challenge component of our oversight program.
Essential Job Functions:
Lead the independent assessment pillar of the Information Security and Technology first line of defense and assess the alignment of risk management with the company's risk framework, providing an independent view on how information security and technology risk is managed by the 1st line
Lead the banking and regulatory pillar of the Information Security and Technology Oversight program across markets including collaborating with the Chief Risk Officers of American Express’ Banks and regulated legal entities globally and in the overall administration of the banks.
Assist, advise, and guide the business and 1st line information security and technology teams in accomplishing risk management goals
Assist in the development of metrics/KRIs/KPIs to manage information security and technology functions and program level risks
Provide a bridge between formal audit inspection and risk management processes of the business and 1st line information security teams
Provide guidance and training related to information security and technology risk management and control processes
Ensure company’s information security and technology risk remains within appetite and tolerance levels (monitoring information security risk thresholds and accumulation of risk across markets and BUs)
Escalate critical issues, emerging risks, and outliers, and identify shifts in the organization's risk appetite
Engage external information security resources and stakeholders to identify emerging information security and technology risks and best practices for mitigation and program management
Challenge 1st lines’ input to, and output from, the bank’s risk management, risk measurement and reporting systems
Oversee bank and vendor/affiliate information security and technology programs to ensure they are commensurate with the best interest of shareholders, customers, employees, and the public.
Interface regularly with global banking regulators to provide updates on oversight activities
Minimum five years’ operational experience in senior Information Security or Technology role required
Experience building and operating first line information security or technology programs
Experience managing regulatory relationships and exams across global markets, including familiarity with US federal financial guidelines; examples include FFIEC, OCC, & FDIC. Knowledge of international guidelines a plus; examples include RBI, OSFI, & CNBV.
Knowledge of layered defense models including the cyber kill chain and MITRE frameworks for characterization of cyber risk
Experience leading highly skilled, diverse teams
Superior problem-solving, strong analytical skills, strong learning agility and willingness to embrace new challenges
Thought leadership and ability to influence business partners
Attention to detail with a strong strategic view
Strong communication skills and excellent relationship building skills
Experience working in a regulated environment and interfacing with regulators
Knowledgeable in the three-lines-of-defense model
Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field (or equivalent work experience). Advanced degree preferred.
Professional certification preferred (e.g., CISSP, MCSE, CGEIT, CCNP, CRISC).
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
This role can be based out of Phoenix, AZ or NY, NY
Internal Number: 19006281
About American Express
Why American Express? There’s a difference between having a job and making a difference. American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards. We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision. Because we believe that the best way to back our customers is to back our people. The powerful backing of American Express. Don’t make a difference without it. Don’t live life without it.