At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact in this role?

The Technical Risk Management (TRM) team, within the Global Risk and Compliance organization and led by the Chief Risk Officer, manage operational risks associated with Information & Cyber Security Risk, Business Disruption, Technology   Risk, Data   Risk, & AI   Risk Management. The team also ensures that risk management activities are conducted in a manner compliant with regulatory requirements and expectations. The team aggregates and reports on key risk management and oversight activities to the relevant management and Board risk committees.

Functional Description

This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the technology and cyber security risks.

Reporting to the Director for Cyber Security and Technology Risk oversight, this position is responsible for independently assessing, reporting, and aggregating Cybersecurity and Technology risks. The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure data risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements.

This position will be based in the Toronto office, Canada. The role will report to a U.S or India based Director and will have a dotted reporting line to the Chief Risk Officer of ABC.

Essential Job Functions
 

Conduct technical assessments for different areas such as OSFI Self-Assessment (OSFI: Office of the Superintendent of Financial Institutions) to report on compliance/non-compliance with regulatory expectations and report on key current and emerging risks.

Proactively conduct independent oversight of technology, cyber security, and business disruption risk management practices for American Express and it’s banking entities, including risks generated by business processes or that occur due to the use of Technology.

Perform data-driven reviews focused on technology, cyber security, and business disruption management risks.

Leverage SQL, Python and other analytical tools to design implement and automate new Key Risk Indicators (KRI) and Key Performance Indicators that help identify key cybersecurity, technology and resiliency risks.

Learn technology, cyber security, and business continuity management processes at American Express, demonstrating strong levels of curiosity and willingness, to present an effective credible challenge.

Develop and enhance data-driven key risk indicators and key performance indicators that provide real time and meaningful insights into the risk and performance trends.

Stay knowledgeable of relevant regulations, guidelines & industry standards.

Support the design of independent technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, Business Disruption Management, New Product Approval, Mergers & Acquisitions etc.

Represent second line of defense in various committee activities and inform the Chief Risk Officer of the key risks.

Required Qualifications
 

Bachelor’s Degree in a related field.

5+ years of experience in risk management across any of the three lines of defense.

Proven ability to identify risks, analyze issues and derive meaningful insights about risk trends by conducting interviews and analyzing large volumes of data.

Excellent analytical skills with high attention to detail and accuracy.

Strong knowledge of one or more of the data mining/big data analytical tools (e.g. Microsoft Excel: Pivot Tables SQL, SAS, Python, R, Power BI, Qlik).

Excellent critical thinking and problem-solving skills.

Required self-starter who can work with minimal supervision.

Excellent verbal, written and interpersonal communication skills.

Willingness to challenge traditional thinking by actively engaging in constructive dialogue.

Preferred Qualifications

Educational background: Computer Science, Information Systems, Engineering.  

Experience in risk management across cyber security, information technology, third party, business disruption and operational resilience.

Relevant Industry certifications (e.g. CISM, CISA, CRISC, CISSP, CCSK, CompTIA Cloud +, CCSP etc.).

Understanding of risk assessment methodologies, frameworks and industry standards (e.g. COSO, COBIT, ISO 27001, FAIR or NIST RMF).

Knowledge of relevant policies & regulations (e.g. OSFI B13, OCC Heightened Standards, FFIEC IT booklets).

Experience with Governance, Risk and Compliance tools (e.g. Archer).

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities

American Express is committed to providing an inclusive and accessible work environment in which all people who apply for positions or who work for or on behalf of Amex are treated with dignity and respect and are provided with equal treatment with respect to employment, regardless of that person's age, sex, sexual orientation, gender identity, gender expression, race, colour, ancestry, ethnic or national origin, citizenship, religion or creed, marital status, family status, pregnancy, disability, record of offences, social condition or origin, political beliefs, association or activity or other factors prohibited under applicable Human Rights legislation (the “Prohibited Grounds”).   If you have a disability and need accommodation, please speak with the Recruiter for more information.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.